A Document Lifecycle consists of several phases, starting from the creation and ending with the deletion of the file
Specific documents can be stored without a time limit, while others have to be deleted after a defined period
- Using a document management system can not only help you with the general management process , but also assist you with regulatory compliance by deleting certain types of documents fully automated
What does Document Lifecycle Management (DLM) mean?
The idea of "document lifecycle" or "lifecycle management" was developed in the very early 1930s in the Unified States. The document lifecycle consists of the stages a record goes through from creation to archiving or deletion. The business requirements for effective information management change at each lifecycle stage of a document. When using a document management system, there must be support for each phase.
It begins with the capture or creation of a document, i.e. the entry into the DMS or ECM system. The subsequent phase of processing, for example within the framework of a workflow, is followed by archiving. The archived document is then available for research purposes and for further use. Modern DMS or ECM solutions make the archived documents available in a central, fully searchable database so that they can be called up at any time in a matter of seconds.
Although electronic storage or archiving is the longest phase in the document lifecycle, it is also limited. The minimum service life of documents is determined by statutory retention requirements. However, for many documents, especially those containing personal data, there is also a time limit within which they must be deleted. With the help of a DLM, the deletion of documents can take place automatically and in compliance with the law.
From the end of May 2018, the basic EU data protection regulation came into force. The rules for the protection of personal data laid down therein must be implemented by all companies. In many areas, bitfarm-Archiv document management (open source) can help to implement the requirements of the EU Data Protection Regulation.
Limited information use
bitfarm-Archiv DMS provides a comprehensive authorization concept for access to documents as well as metadata. This means that only those persons who need documents and information for their work have access to them. The assignment of authorizations is controlled centrally. These can be documented at any time (e.g. as part of the data processing directory) in the form of a report. The requirements "Privacy by design" & "Privacy by default" of the EU-DSGVO are met.
Each data record in the document management system has a history function. If required, it can be tracked and documented at any time at whom, when and in what form information was used. The duty to provide information prescribed in the EU-DSGVO can thus be fulfilled on request. Important in this context: Each physical user must be assigned a unique user account in the DMS and collective accounts ("warehouses") must be dispensed with
Protection of personal data
The theft of personal data is not only an unfortunate incident but also a financial risk for the trader. In the case of the theft of personal data, a comprehensive obligation to provide information applies to all data subjects - actively and not only upon request. With bitfarm-Archiv DMS, however, it is possible to store documents and metadata encrypted on the server. If an attacker succeeds in accessing these data, they are not considered stolen according to the EU-DSGVO - the active obligation to provide information no longer applies.
Compliance with deletion deadlines
Deadlines for the deletion of personal data have not only applied since the EU-DSGVO. bitfarm-Archiv DMS automatically derives these from the document classes as deletion classes with automatic assignment of the deletion date. On the other hand, the status within an editing process defines the deletion date individually depending on the editing status. Here, too, automated rules apply, which are created in the DMS for the various documents and data that occur with a personal reference. The report function for all deletion rules, which is available at any time, simplifies the maintenance of the process directory considerably. Moreover, deletion periods are now clearly defined for all documents and processes - one of the core requirements of the EU-DSGVO can be implemented efficiently and documentably in this way.
Automatically on the safe side
The core task of a document management system or electronic archiving is not only the secure storage of documents, but also their timely deletion.
Assigning the correct deletion date to every document and every record is not an easy matter. The scenarios, conditions and legal regulations that influence these deadlines are diverse.
For instance, even a simple justification of an operational interest in a document can be sufficient to allow it to be stored for much longer than is actually intended for this type of document.
This might be the case, for example, as part of an application process. Legislation stipulates that the application documents of rejected applicants must be deleted within a period of three months.
If you want to return to a particular applicant at a later date, you still have the option of manually extending the deletion period for his or her documents. However, this requires the applicant's consent.
The Enterprise version of bitfarm-Archiv offers a comprehensive Document Lifecycle Management (DLM) to meet and document the legally required deletion deadlines for different document classes. The deletion periods can either be linked to the document class or to the specific workflow of business processes, i.e. they can be configured precisely for each scenario.
A user with administrative authorizations can intervene manually in the automated process at any time. A report function also documents all settings and facilitates the creation of the legally required documents (directory of processing activities).
Document lifecycle management in practice
Setting up the deletion date
A document management system regulates the retention periods of all electronic documents and automatically ensures their deletion when they are no longer needed.
In order for this to succeed, it is first necessary to define the lifecycle of documents in the DMS. Some documents may be kept for any length of time, while others - especially those containing personal data - must be deleted at a certain point in time. Several factors need to be considered here. On the one hand, legal retention periods apply, and on the other hand, operational requirements define the time of deletion.
In corresponding specialist committees, the customer defines these requirements together with a data protection officer, which can then be configured by the administrator of the DMS.
In the simplest case, deletion periods are governed by document type. For commercial documents such as invoices, the legal retention period of 10 years applies. For building plans, on the other hand, the retention period is 30 years. Company formation documents should not be deleted at all.
This can be set appropriately for each archive and document class via the administrator. The DMS assigns the deletion date already at the moment of archiving a new document.
In the Viewer, i.e. in the "Storage and Archives" area, it is visible on the "Standard" tab for each document when the deletion date has been reached. There is a possibility of manual intervention for correspondingly authorized users. Clearing the deletion date will stop the automatic deletion. The predefined deletion deadline can also be restored for documents via the "Tools" menu.
Information about which documents are soon due for deletion is provided to the administrator via preconfigured bookmarks. It also shows which documents have already exceeded the normal retention period of the archive.
Combining Workflows with the DLM
In many cases, however, the retention period of a document is also based on operational processes and cannot be defined in advance in a blanket manner.
Example: In human resources, applications for an advertised position are collected in the DMS. After expiration of the deadline, presentation and evaluation of the applicants, the decision is made in favor of a new employee. His or her application is now to be retained for as long as he or she works for the company. The other applications must be deleted within a reasonable period of time.
This is where the coupling of the DLM with the workflow of a DMS comes in. To symbolize the state of processing of a document in bitfarm-Archiv, the status buttons are used,
The administrator can use the button "DLM active elements" to provide each status button and many additional fields with functions to set the deletion period.