How to Set Up GDPR-Compliant Auto Replies for Shared Mailboxes?

Asked By TechWhiz101 On

I'm working on implementing GDPR regulations for our mailboxes and have come across a specific scenario. When a user has a delegate who can see their inbox, they need to have a separate shared mailbox where only they are the owner. This setup ensures that the delegate can still access the mailbox while maintaining control over data ownership and consent, which are crucial under UK and EU laws.

When someone sends an email to these mailboxes, we want to set up an auto-reply notifying the sender that there are delegates viewing the mailbox. To ensure the confidentiality of their message, we want to instruct them to email [email protected] instead.

So far, this seems straightforward, but I've hit a snag with Exchange Online. Unfortunately, the mail transport rules don't support an auto-reply function. I considered using Outlook's server-side rules, but it would interfere with the out-of-office message and could be disabled by users whenever they want.

I'm wondering if there's another solution I'm missing. The transport rules allow for various actions like forwarding, redirecting, or notifying the recipient, but there's no option for 'Reply to Sender'. Is there a workaround with PowerShell, or would I need to look for a third-party solution?

2 Answers

Answered By MailGuru9 On

It sounds like you're in a tricky spot there! Generally, for GDPR, you do need to ensure that sensitive information isn't accessible to those who shouldn't see it. However, the auto-reply notification idea is pretty neat.

You mentioned that Outlook server-side rules create issues for user settings, which I totally get. One workaround could be using PowerShell scripts to create rules that automatically send the auto-reply without giving users access to disable it. That way, it stays in place without needing daily checks on it. It might take some work to set up, but it could save you a lot of hassle long-term!
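An added example, not part of any answer in this thread: a PowerShell audit for the scenario in the question that lists user mailboxes whose inbox is visible to a delegate and reports whether an automatic reply is currently active on each. It assumes the ExchangeOnlineManagement module, an admin session, an Inbox folder named `Inbox`, and a constructed output file name; it only reports state and does not check the wording of the reply.

```powershell
# Added example (not from the thread): audit delegated mailboxes and their auto-reply state.
# Assumes the ExchangeOnlineManagement module is installed and the account can read
# mailbox permissions and auto-reply configuration.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$report = foreach ($mbx in Get-EXOMailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited) {
    $id = $mbx.UserPrincipalName

    # Mailbox-level delegates: explicit FullAccess grants, excluding the owner's own entry.
    $fullAccess = Get-EXOMailboxPermission -Identity $id |
        Where-Object {
            $_.AccessRights -contains 'FullAccess' -and
            -not $_.IsInherited -and
            $_.User -ne 'NT AUTHORITY\SELF'
        } |
        ForEach-Object { [string]$_.User }

    # Folder-level delegates on the Inbox. The folder name is localized; 'Inbox' is assumed.
    $inboxAccess = Get-MailboxFolderPermission -Identity "${id}:\Inbox" -ErrorAction SilentlyContinue |
        Where-Object {
            [string]$_.User -notin @('Default', 'Anonymous') -and
            $_.AccessRights -notcontains 'None'
        } |
        ForEach-Object { [string]$_.User }

    $delegates = @($fullAccess) + @($inboxAccess) | Where-Object { $_ } | Sort-Object -Unique
    if (-not $delegates) { continue }   # nobody else can see this inbox

    $oof = Get-MailboxAutoReplyConfiguration -Identity $id

    [pscustomobject]@{
        Mailbox          = $id
        Delegates        = $delegates -join '; '
        AutoReplyState   = $oof.AutoReplyState
        ExternalAudience = $oof.ExternalAudience
        # True only when replies are on and also go to external senders.
        NoticeActive     = ($oof.AutoReplyState -eq 'Enabled' -and $oof.ExternalAudience -eq 'All')
    }
}

# Mailboxes without an active notice sort first.
$report | Sort-Object NoticeActive, Mailbox | Format-Table -AutoSize
$report | Export-Csv -Path .\delegate-notice-audit.csv -NoTypeInformation   # constructed file name
```

Run on a schedule, the `NoticeActive = False` rows show where a user has switched the reply off, which is the gap the question raises about user-controlled rules.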

Answered By ComplianceNinja77 On

I've actually never heard of such strict requirements for delegating mailboxes under GDPR. Usually, as long as there's consent from the mailbox owner, shared access is okay.

But if your legal team is insisting on these precautions, make sure to document everything properly. Auto-reply templates might work too, though keeping Outlook open all the time can be a hassle. Just remember to keep your legal team in the loop about any processes you put in place to stay compliant!
