How a Document Lifecycle Management supports you in the implementation of the EU-DSGVO
The essentials in brief
-
A Document Lifecycle consists of several phases, starting from the creation and ending with the deletion of the file
-
Specific documents can be stored without a time limit, while others have to be deleted after a defined period
- Using a DMS can not only help you with the general management process , but also assist you with regulatory compliance by deleting certain types of documents fully automated
What does Document Lifecycle Management (DLM) mean?
The idea of "document lifecycle" or "lifecycle management" was developed in the very early 1930s in the Unified States. The document lifecycle consists of the stages a record goes through from creation to archiving or deletion. The business requirements for effective information management change at each lifecycle stage of a document. When using a document management system, there must be support for each phase.
It begins with the capture or creation of a document, i.e. the entry into the DMS or ECM system. The subsequent phase of processing, for example within the framework of a workflow, is followed by archiving. The archived document is then available for research purposes and for further use. Modern DMS or ECM solutions make the archived documents available in a central, fully searchable database so that they can be called up at any time in a matter of seconds.
Although electronic storage or archiving is the longest phase in the document lifecycle, it is also limited. The minimum service life of documents is determined by statutory retention requirements. However, for many documents, especially those containing personal data, there is also a time limit within which they must be deleted. With the help of a DLM, the deletion of documents can take place automatically and in compliance with the law.
From the end of May 2018, the basic EU data protection regulation came into force. The rules for the protection of personal data laid down therein must be implemented by all companies. In many areas, bitfarm-Archiv document management (open source) can help to implement the requirements of the EU Data Protection Regulation.
What are the stages in documentation lifecycle management?
The stages in Sdocumentation lifecycle management may of course differ in individual cases, but here is a list of the most common steps:
-
Creation: Developing new documents or capturing information in an organized manner.
-
Revision: Updating and modifying existing documents to ensure they remain accurate and relevant.
-
Approval: Reviewing and accepting the document to ensure it meets the required standards and quality.
-
Distribution: Sharing and editing the document with relevant users.
-
Storage and retrieval: Keeping the document organized and easily accessible.
-
Archiving: Saving documents for future reference or regulatory purposes.
- Deletion: Deleting or destroying documents that are no longer needed or have to be deleted.
Limited information use
bitfarm-Archiv DMS provides a comprehensive authorization concept for access to documents as well as metadata. This means that only those persons who need documents and information for their work have access to them. The assignment of authorizations is controlled centrally. These can be documented at any time (e.g. as part of the data processing directory) in the form of a report. The requirements "Privacy by design" & "Privacy by default" of the EU-DSGVO are met.
Documentation
Each data record in the document management system has a history function. If required, it can be tracked and documented at any time at whom, when and in what form information was used. The duty to provide information prescribed in the EU-DSGVO can thus be fulfilled on request. Important in this context: Each physical user must be assigned a unique user account in the DMS and collective accounts ("warehouses") must be dispensed with
Protection of personal data
The theft of personal data is not only an unfortunate incident but also a financial risk for the trader. In the case of document loss or theft of personal data, a comprehensive obligation to provide information applies to all data subjects - actively and not only upon request. With bitfarm-Archiv DMS, however, it is possible to secure storage encrypted on the server. If an attacker succeeds in accessing these data, they are not considered stolen according to the EU-DSGVO - the active obligation to provide information no longer applies.
Compliance with deletion deadlines
Deadlines for the deletion of personal data have not only applied since the EU-DSGVO. bitfarm-Archiv DMS automatically derives these from the document classes as deletion classes with automatic assignment of the deletion date. On the other hand, the status within an editing process defines the deletion date individually depending on the editing status. Here, too, automated rules apply, which are created in the DMS for the various documents and data that occur with a personal reference. The report function for all deletion rules, which is available at any time, simplifies the maintenance of the process directory considerably. Moreover, deletion periods are now clearly defined for all documents and processes - one of the core requirements of the EU-DSGVO can be implemented efficiently and documentably in this way.
Automatically on the safe side
The core task of a document management system or electronic archiving is not only the secure storage of documents, but also their timely deletion.
Assigning the correct deletion date to every document and every record is not an easy matter. The scenarios, conditions and legal regulations that influence these deadlines are diverse.
For instance, even a simple justification of an operational interest in a document can be sufficient to allow it to be stored for much longer than is actually intended for this type of document.
This might be the case, for example, as part of an application process. Legislation stipulates that the application documents of rejected applicants must be deleted within a period of three months.
If you want to return to a particular applicant at a later date, you still have the option of manually extending the deletion period for his or her documents. However, this requires the applicant's consent.
The Enterprise version of bitfarm-Archiv offers a comprehensive Document Lifecycle Management (DLM) to meet and document the legally required deletion deadlines for different document classes. The deletion periods can either be linked to the document class or to the specific workflow of business processes, i.e. they can be configured precisely for each scenario.
A user with administrative authorizations can intervene manually in the automated process at any time. A report function also documents all settings and facilitates the creation of the legally required documents (directory of processing activities).
Document lifecycle management: Best practices
Let's summarize the information we've gathered so far into best practices which are used by many companies. Here, too, it should be mentioned that these can of course vary in individual cases and that other points, which are not listed here, may also come into question.
-
Define ownership and responsibility
One of the first steps in effective document lifecycle management is to clearly define who is responsible for creating, maintaining, and retiring documents. This helps to ensure that there is a clear chain of custody and that everyone involved in the process is aware of their responsibilities. This means, in a company, document owners might be individual departments or business units, while responsibility for maintaining and retiring documents could fall to a central records management team.
-
Establish clear policies and procedures
Having clear policies and procedures in place for document management is essential for ensuring consistency and efficiency. This includes defining the processes for document creation, revision, approval, storage, and retrieval. For example, policies could include guidelines for naming and numbering documents, establishing approval workflows, and setting retention schedules for different types of documents.
-
Use appropriate technologies
-
Ensure proper version control
- Regularly review and update documents
- Provide training and support
- Adhere to regulatory requirements
- Monitor and evaluate performance
Technology can play a critical role in optimizing document lifecycle management processes. There are many different tools and systems available, including document management software, content management systems, and digital asset management systems. These technologies can help organizations automate document management processes, ensure security and accessibility, and provide a centralized repository for all documents. They also offer features such as version control, audit trails, and metadata management, which can greatly improve efficiency and reduce the risk of errors.
Maintaining multiple versions of a document is important for ensuring that the latest version is easily accessible and for preserving a history of changes. Proper version control also helps to avoid confusion and potential disputes over which version of a document is the most current. This can be achieved through the use of document management software, which automatically tracks and archives previous versions of a document.
Documents are often subject to change over time, as they become outdated or new information is added. To ensure that documents remain accurate and relevant, it is important to regularly review and update them. Regular reviews also help to identify any gaps in the information and ensure that documents are consistent with regulatory requirements and company policies.
Document lifecycle management processes can be complex, and it is important for staff to be trained and supported in their use. This can include training on the use of specific tools and systems, as well as guidance on best practices for document management.Providing ongoing support and resources to staff helps to ensure that they are equipped to use document management processes effectively and that they can continue to improve over time.
Many organizations are subject to a range of regulatory requirements that impact document management, including data protection, privacy, and information security laws. It is important to ensure that document management processes comply with these regulations and that there are procedures in place to manage sensitive information securely. This may involve implementing secure storage and retrieval systems, encryption, and access controls to ensure that only authorized individuals can access sensitive information.
Finally, it is important to regularly monitor and evaluate the performance of document management processes to identify opportunities for improvement. This can involve tracking metrics such as the number of documents created and revised, the time taken to approve documents, and the number of errors or omissions.
An example withing a DMS
Setting up the deletion date
A document management system regulates the retention periods of all electronic documents and automatically ensures their deletion when they are no longer needed.
In order for this to succeed, it is first necessary to define the lifecycle of documents in the DMS. Some documents may be kept for any length of time, while others - especially those containing personal data - must be deleted at a certain point in time. Several factors need to be considered here. On the one hand, legal retention periods apply, and on the other hand, operational requirements define the time of deletion.
In corresponding specialist committees, the customer defines these requirements together with a data protection officer, which can then be configured by the administrator of the DMS.
In the simplest case, deletion periods are governed by document type. For commercial documents such as invoices, the legal retention period of 10 years applies. For building plans, on the other hand, the retention period is 30 years. Company formation documents should not be deleted at all.
This can be set appropriately for each archive and document class via the administrator. The DMS assigns the deletion date already at the moment of archiving a new document.
In the Viewer, i.e. in the "Storage and Archives" area, it is visible on the "Standard" tab for each document when the deletion date has been reached. There is a possibility of manual intervention for correspondingly authorized users. Clearing the deletion date will stop the automatic deletion. The predefined deletion deadline can also be restored for documents via the "Tools" menu.
Information about which documents are soon due for deletion is provided to the administrator via preconfigured bookmarks. It also shows which documents have already exceeded the normal retention period of the archive.
Combining Workflows with the DLM
In many cases, however, the retention period of a document is also based on operational processes and cannot be defined in advance in a blanket manner.
Example: In human resources, applications for an advertised position are collected in the DMS. After expiration of the deadline, presentation and evaluation of the applicants, the decision is made in favor of a new employee. His or her application is now to be retained for as long as he or she works for the company. The other applications must be deleted within a reasonable period of time.
This is where the coupling of the DLM with the workflow of a DMS comes in. To symbolize the state of processing of a document in bitfarm-Archiv, the status buttons are used,
The administrator can use the button "DLM active elements" to provide each status button and many additional fields with functions to set the deletion period.