Data retention is a controversial instrument that governments and their agencies use in the fight against terrorism and crime. In 2006 the European Union (EU) passed Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks. Based on the Austrian approach, this paper shows how governments can implement a data retention system that supports authorities while giving the best possible protection to their citizens’ personal data and privacy. The authors implemented a proof of concept that uses a centrally managed service to exchange the necessary retention data between the corresponding authorities and providers. The concept is based on strong cryptographic algorithms that ensure end-to-end encryption while still enabling central monitoring and administration. It therefore conforms to the directive as well as to Austrian law, and it enforces a core aspect of guaranteeing citizens’ privacy.