Universiteit Leiden

nl en


Online safety: automatic forwarding to external email addresses no longer permitted

17 May 2023

Online safety is becoming increasingly important in the workplace. As of 15 June 2023, you are no longer allowed to automatically forward messages from your university mailbox to external email addresses. Automatic forwarding to internal email addresses remains possible.

What is automatic forwarding?

Automatic forwarding, also known as auto forwarding, is an option that allows you to automatically forward incoming emails to another email address. Although this option can be useful in some situations, automatically forwarding emails to an external email address is almost always a violation of the General Data Protection Regulation (GDPR). Moreover, you may (unintentionally) disclose protected, sensitive and confidential data.

These risks have led the Security Office to draw up a university policy. To protect your data, increase security and comply with the GDPR, automatic forwarding will be deactivated for all staff from 15 June.

What will still be possible?

You will still be able to automatically forward university emails to internal email addresses, for example to a colleague or group mailbox to ensure continuity of work in case of absence. You will also still be able to manually forward emails, to both internal and external email addresses. However, you are strongly urged to be aware at all times of what data you are forwarding, and to whom.


If there is a compelling reason to allow emails to be automatically forwarded in a specific instance, you can use the exceptions procedure to explain why this is. The Security Office will review your request and offer advice. Always discuss any exception requests with the Security Officer or Information Manager from your own faculty or unit before submitting them.


If you have questions about information security, feel free to ask them to the Information Security Officer from your own faculty or unit, or send your question to security@bb.leidenuniv.nl. More information can also be found on the staff website on Information security and privacy.

This website uses cookies.  More information.