Meeting documentation needs on one hand, protecting data on the other: with DocuWare you can store documents securely and confidentially for as long as necessary. But you can also delete documents in a secure and legally compliant way.
Legal guidelines as well as industry and application-specific regulations may require business documents to be stored (often for decades) to have on hand for audits or to address liability issues. Depending on each document and region, retention requirements and deadlines can vary greatly. So to make sure you meet all retention requirements, it’s important to know what legal requirements apply to the different types of documents that you are storing.
Access rights that can be minutely controlled ensure the greatest possible protection for sensitive information during every phase.
Deleting after retention period
So what happens to documents once the required period to retain them has expired? The default setup is that they are deleted as soon as a specified deadline has been reached. For example, the GDPR even has rules that documents cannot be held longer than necessary as a form of personal data protection (Article 6 GDPR).
Companies must therefore establish clear processes for both retaining and deleting documents. With DocuWare, this process can be securely controlled and largely automated.
Tips for implementing with DocuWare
Autoindex and Task Manager, among others, ensure a transparent process in which the relevant documents are identified and then removed from an archive. The following tips show examples of how this process can be organized with DocuWare as well as with help from Autoindex and Task Manager.
The key is to file your documents by type. This means quite simply that when documents are stored in DocuWare, they are indexed according to their document type – such as job application, offer letter incoming invoice or outgoing invoice. With a fixed select list, you ensure that all users enter the same terms when choosing a document type.
Another important index criteria you can set up is a document‘s retention period. For example, if the prescribed retention period is 10 years, this period will be automatically added to the document or storage date. The Autoindex module can also be used to assign these classifications automatically in the background.
You‘ll also need a status field – changes here will ultimately guide the deletion process. Status choices might be, for example, Retained, Check for deletion and Released for deletion.
Documents whose retention period has expired should be checked and released for deletion by at least one employee (two-eyed principle) or two employees (four-eyed principle) in order to rule out incorrect deletions. You can determine who is responsible for this control using the appropriate user roles.
Employees authorized to check the documents will then receive them via lists, which are set up in DocuWare Configuration. Autoindex controls when and which documents appear in these lists. This clever module regularly checks the values stored for the documents and changes the status to Check for deletion as soon as a retention period has expired.
List of documents now due for deletion since their retention period has expired
The final go-ahead for deletion is granted via digital stamp. This is configured so that it changes a document‘s status to Released for deletion. A document is then finally deleted with a deletion policy that is run as soon as it has been stamped for deletion. A time control allows you to define when the deletion is finally executed.
Deletion policy created in DocuWare Configuration - for documents released for deletion
What if you aren‘t really allowed to delete yet...
Let’s say you are asked by someone to delete their personal data in accordance with the GDPR, but the retention period for the documents concerned has not yet expired? There is also a solution for this! You don‘t delete the document, but you can limit who sees it – by means of an index value profile – so that only certain users may view these documents. In this way, you have satisfied both data protection and retention requirements.
DocuWare also supports you in other processes controlling the flow of information and transfer of personal data in accordance with GDPR with the help of the modules DocuWare Request, Forms and Workflow Manager.
For further information on how DocuWare can help you store documents in compliance with legal requirements, check out DocuWare‘s Configuration Tips for GDPR-Compliant Working.