Official/corporate emails – Yes, in most of the cases. However it depends on the nomenclature – while your example suggests using the name to create the email address which is a general practice, the email itself has Personally Identifiable Information.
Personal data is defined by the as “any information relating to an identified or identifiable natural person.”1 This broad definition encompasses work email addresses containing the business partner’s name or any business contact information tied to or related to an individual, such as the individual’s name, job title, company, business address, work phone number, etc. In contrast, personal data does not include generic business names, business addresses, generic email addresses or any other general business information, as long as this information has not been linked to an individual. So, for example, “email@example.com” would most likely be considered “personal data” governed by the GDPR whereas “firstname.lastname@example.org” would not.
What do you need to do with your emails :
- Make it generic and tie it with non name based nomenclature , such as email@example.com
- In case you have such emails (like what you mentioned) – keep them secure, encrypted and on a DSAR you should be able to either Purge or Archive it
- Treat them just like a contact information and your risk parity should be fine