From the end of May 2018, the basic EU data protection regulation came into force. The rules for the protection of personal data laid down therein must be implemented by all companies. In many areas, bitfarm-Archiv document management can help to implement the requirements of the EU Data Protection Regulation.
Limited information use
bitfarm-Archiv DMS provides a comprehensive authorization concept for access to documents as well as metadata. This means that only those persons who need documents and information for their work have access to them. The assignment of authorizations is controlled centrally. These can be documented at any time (e.g. as part of the data processing directory) in the form of a report. The requirements "Privacy by design" & "Privacy by default" of the EU-DSGVO are met.
Each data record in the document management system has a history function. If required, it can be tracked and documented at any time at whom, when and in what form information was used. The duty to provide information prescribed in the EU-DSGVO can thus be fulfilled on request. Important in this context: Each physical user must be assigned a unique user account in the DMS and collective accounts ("warehouses") must be dispensed with
Protection of personal data
The theft of personal data is not only an unfortunate incident but also a financial risk for the trader. In the case of the theft of personal data, a comprehensive obligation to provide information applies to all data subjects - actively and not only upon request. With bitfarm-Archiv DMS, however, it is possible to store documents and metadata encrypted on the server. If an attacker succeeds in accessing these data, they are not considered stolen according to the EU-DSGVO - the active obligation to provide information no longer applies.
Compliance with deletion deadlines
Deadlines for the deletion of personal data have not only applied since the EU-DSGVO. bitfarm-Archiv DMS automatically derives these from the document classes as deletion classes with automatic assignment of the deletion date. On the other hand, the status within an editing process defines the deletion date individually depending on the editing status. Here, too, automated rules apply, which are created in the DMS for the various documents and data that occur with a personal reference. The report function for all deletion rules, which is available at any time, simplifies the maintenance of the process directory considerably. Moreover, deletion periods are now clearly defined for all documents and processes - one of the core requirements of the EU-DSGVO can be implemented efficiently and documentably in this way.
What does Document Lifecycle Management (DLM) mean?
By Document Lifecycle Management one comprehends a collection of functions of a document-managing software, say, a document management system (DMS). Document Lifecycle Management regulates the lifecycle of documents. This can be divided into four or more phases, depending on the type of document.
It begins with the capture or creation of a document, i.e. the entry into the DMS or ECM system. The subsequent phase of processing, for example within the framework of a workflow, is followed by archiving. The archived document is then available for research purposes and for further use. Modern DMS or ECM solutions make the archived documents available in a central, fully searchable database so that they can be called up at any time in a matter of seconds.
Although electronic storage or archiving is the longest phase in the document lifecycle, it is also limited. The minimum service life of documents is determined by statutory retention requirements. However, for many documents, especially those containing personal data, there is also a time limit within which they must be deleted. With the help of a DLM, the deletion of documents can take place automatically and in compliance with the law.
A detailed introduction of the bitfarm-Archiv DLM can be found in this video. (The video is only available in German)
Automatically on the safe side
The core task of a document management system or electronic archiving is not only the secure storage of documents, but also their timely deletion.
Assigning the correct deletion date to every document and every record is not an easy matter. The scenarios, conditions and legal regulations that influence these deadlines are diverse.
For instance, even a simple justification of an operational interest in a document can be sufficient to allow it to be stored for much longer than is actually intended for this type of document.
This might be the case, for example, as part of an application process. Legislation stipulates that the application documents of rejected applicants must be deleted within a period of three months.
If you want to return to a particular applicant at a later date, you still have the option of manually extending the deletion period for his or her documents. However, this requires the applicant's consent.
The Enterprise version of bitfarm-Archiv offers a comprehensive Document Lifecycle Management (DLM) to meet and document the legally required deletion deadlines for different document classes. The deletion periods can either be linked to the document class or to the specific workflow of business processes, i.e. they can be configured precisely for each scenario.
A user with administrative authorizations can intervene manually in the automated process at any time. A report function also documents all settings and facilitates the creation of the legally required documents (directory of processing activities).