…don't search – find!
Document Lifecycle Management

How a Document Lifecycle Management supports you in the imple­menta­tion of the EU-DSGVO

The essentials in brief

What does Document Life­cycle Manage­ment (DLM) mean?

The idea of "document lifecycle" or "lifecycle management" was developed in the very early 1930s in the Unified States. The document lifecycle consists of the stages a record goes through from creation to archiving or deletion. The business requirements for effective information management change at each lifecycle stage of a document. When using a document management system, there must be support for each phase.

It begins with the capture or creation of a document, i.e. the entry into the DMS or ECM system. The subsequent phase of processing, for example within the framework of a workflow, is followed by archiving. The archived document is then available for research purposes and for further use. Modern DMS or ECM solutions make the archived documents available in a central, fully searchable database so that they can be called up at any time in a matter of seconds.

Although electronic storage or archiving is the longest phase in the document lifecycle, it is also limited. The minimum service life of documents is determined by statutory retention requirements. However, for many documents, especially those containing personal data, there is also a time limit within which they must be deleted. With the help of a DLM, the deletion of documents can take place automatically and in compliance with the law.

From the end of May 2018, the basic EU data protection regu­lation came into force. The rules for the protection of personal data laid down therein must be implemented by all companies. In many areas, bitfarm-Archiv document management (open source) can help to implement the requirements of the EU Data Protection Regulation.

Diagram of the DLM

What are the stages in documentation lifecycle management?

The stages in Sdocumentation lifecycle management may of course differ in individual cases, but here is a list of the most common steps:

  1. Creation: Developing new documents or capturing information in an organized manner.

  2. Revision: Updating and modifying existing documents to ensure they remain accurate and relevant.

  3. Approval: Reviewing and accepting the document to ensure it meets the required standards and quality.
  4. Distribution: Sharing and editing the document with relevant users.
  5. Storage and retrieval: Keeping the document organized and easily accessible.
  6. Archiving: Saving documents for future reference or regulatory purposes.
  7. Deletion: Deleting or destroying documents that are no longer needed or have to be deleted.
What are the stages in documentation lifecycle management?

Limited information use

bitfarm-Archiv DMS provides a comprehensive authorization concept for access to documents as well as metadata. This means that only those persons who need documents and information for their work have access to them. The assignment of authorizations is controlled centrally. These can be documented at any time (e.g. as part of the data processing directory) in the form of a report. The requirements "Privacy by design" & "Privacy by default" of the EU-DSGVO are met.

Documentation

Each data record in the document management system has a history function. If required, it can be tracked and documented at any time at whom, when and in what form information was used. The duty to provide information prescribed in the EU-DSGVO can thus be fulfilled on request. Important in this context: Each physical user must be assigned a unique user account in the DMS and collective accounts ("warehouses") must be dispensed with

Protection of personal data

The theft of personal data is not only an unfortunate incident but also a financial risk for the trader. In the case of document loss or theft of personal data, a comprehensive obligation to provide information applies to all data subjects - actively and not only upon request. With bitfarm-Archiv DMS, however, it is possible to secure storage encrypted on the server. If an attacker succeeds in accessing these data, they are not considered stolen according to the EU-DSGVO - the active obligation to provide information no longer applies.

Compliance with deletion deadlines

Deadlines for the deletion of personal data have not only applied since the EU-DSGVO. bitfarm-Archiv DMS automatically derives these from the document classes as deletion classes with automatic assignment of the deletion date. On the other hand, the status within an editing process defines the deletion date individually depending on the editing status. Here, too, automated rules apply, which are created in the DMS for the various documents and data that occur with a personal reference. The report function for all deletion rules, which is available at any time, simplifies the maintenance of the process directory considerably. Moreover, deletion periods are now clearly defined for all documents and processes - one of the core requirements of the EU-DSGVO can be implemented efficiently and documentably in this way.

Automatically on the safe side

The core task of a document management system or electronic archiving is not only the secure storage of documents, but also their timely deletion.

Assigning the correct deletion date to every document and every record is not an easy matter. The scenarios, conditions and legal regulations that influence these deadlines are diverse.

For instance, even a simple justification of an operational interest in a document can be sufficient to allow it to be stored for much longer than is actually intended for this type of document.

This might be the case, for example, as part of an application process. Legislation stipulates that the application documents of rejected applicants must be deleted within a period of three months.

If you want to return to a particular applicant at a later date, you still have the option of manually extending the deletion period for his or her documents. However, this requires the applicant's consent.

The Enterprise version of bitfarm-Archiv offers a comprehensive Document Lifecycle Management (DLM) to meet and document the legally required deletion deadlines for different document classes. The deletion periods can either be linked to the document class or to the specific workflow of business processes, i.e. they can be configured precisely for each scenario.

A user with administrative authorizations can intervene manually in the automated process at any time. A report function also documents all settings and facilitates the creation of the legally required documents (directory of processing activities).

Document lifecycle management: Best practices

Let's summarize the information we've gathered so far into best practices which are used by many companies. Here, too, it should be mentioned that these can of course vary in individual cases and that other points, which are not listed here, may also come into question.

  • Define ownership and responsibility

    One of the first steps in effective document lifecycle management is to clearly define who is responsible for creating, maintaining, and retiring documents. This helps to ensure that there is a clear chain of custody and that everyone involved in the process is aware of their responsibilities. This means, in a company, document owners might be individual departments or business units, while responsibility for maintaining and retiring documents could fall to a central records management team.

  • Establish clear policies and procedures

    Having clear policies and procedures in place for document management is essential for ensuring consistency and efficiency. This includes defining the processes for document creation, revision, approval, storage, and retrieval. For example, policies could include guidelines for naming and numbering documents, establishing approval workflows, and setting retention schedules for different types of documents.

  • Use appropriate technologies
  • Technology can play a critical role in optimizing document lifecycle management processes.  There are many different tools and systems available, including document management software, content management systems, and digital asset management systems. These technologies can help organizations automate document management processes, ensure security and accessibility, and provide a centralized repository for all documents. They also offer features such as version control, audit trails, and metadata management, which can greatly improve efficiency and reduce the risk of errors.

  • Ensure proper version control 
  • Maintaining multiple versions of a document is important for ensuring that the latest version is easily accessible and for preserving a history of changes. Proper version control also helps to avoid confusion and potential disputes over which version of a document is the most current. This can be achieved through the use of document management software, which automatically tracks and archives previous versions of a document.

  • Regularly review and update documents
  • Documents are often subject to change over time, as they become outdated or new information is added. To ensure that documents remain accurate and relevant, it is important to regularly review and update them. Regular reviews also help to identify any gaps in the information and ensure that documents are consistent with regulatory requirements and company policies.

  • Provide training and support
  • Document lifecycle management processes can be complex, and it is important for staff to be trained and supported in their use. This can include training on the use of specific tools and systems, as well as guidance on best practices for document management.Providing ongoing support and resources to staff helps to ensure that they are equipped to use document management processes effectively and that they can continue to improve over time.

  • Adhere to regulatory requirements
  • Many organizations are subject to a range of regulatory requirements that impact document management, including data protection, privacy, and information security laws. It is important to ensure that document management processes comply with these regulations and that there are procedures in place to manage sensitive information securely. This may involve implementing secure storage and retrieval systems, encryption, and access controls to ensure that only authorized individuals can access sensitive information.

  • Monitor and evaluate performance
  • Finally, it is important to regularly monitor and evaluate the performance of document management processes to identify opportunities for improvement. This can involve tracking metrics such as the number of documents created and revised, the time taken to approve documents, and the number of errors or omissions.


Document lifecycle management best practices

An example withing a DMS

Setting up the deletion date

A document management system regulates the retention periods of all electronic documents and automatically ensures their deletion when they are no longer needed.

In order for this to succeed, it is first necessary to define the lifecycle of documents in the DMS. Some documents may be kept for any length of time, while others - especially those containing personal data - must be deleted at a certain point in time. Several factors need to be considered here. On the one hand, legal retention periods apply, and on the other hand, operational requirements define the time of deletion. 

In corresponding specialist committees, the customer defines these requirements together with a data protection officer, which can then be configured by the administrator of the DMS.

In the simplest case, deletion periods are governed by document type. For commercial documents such as invoices, the legal retention period of 10 years applies. For building plans, on the other hand, the retention period is 30 years. Company formation documents should not be deleted at all.

DLM Active Elements

This can be set appropriately for each archive and document class via the administrator. The DMS assigns the deletion date already at the moment of archiving a new document. 

In the Viewer, i.e. in the "Storage and Archives" area, it is visible on the "Standard" tab for each document when the deletion date has been reached. There is a possibility of manual intervention for correspondingly authorized users. Clearing the deletion date will stop the automatic deletion. The predefined deletion deadline can also be restored for documents via the "Tools" menu.

Information about which documents are soon due for deletion is provided to the administrator via preconfigured bookmarks. It also shows which documents have already exceeded the normal retention period of the archive.

Archive Deletion date

Combining Workflows with the DLM

In many cases, however, the retention period of a document is also based on operational processes and cannot be defined in advance in a blanket manner.

Example: In human resources, applications for an advertised position are collected in the DMS. After expiration of the deadline, presentation and evaluation of the applicants, the decision is made in favor of a new employee. His or her application is now to be retained for as long as he or she works for the company. The other applications must be deleted within a reasonable period of time.

This is where the coupling of the DLM with the workflow of a DMS comes in. To symbolize the state of processing of a document in bitfarm-Archiv, the status buttons are used,

The administrator can use the button "DLM active elements" to provide each status button and many additional fields with functions to set the deletion period.

Deletion date

Here we set a deletion period of four weeks for the status "rejected". The status "hired" on the other hand clears the deletion date. Another button "talent" should also empty the deletion date.

Back to the applications that are still waiting to be processed. Setting the correct status is part of the processing and is done either directly by the decision maker or the relevant department, depending on the workflow. If an application has been accepted and the applicant has been hired, the status "hired" means that no deletion deadline is set.

Other applicants were rejected. Setting the corresponding status here causes the automatic deletion of the applications in 4 weeks. An applicant had to be rejected at the moment, but might be interesting for the company again in the future. Therefore, the HR department wants to keep his application and sets the status "talent". Although "rejected" is also active, the deletion is suspended because "talent" is higher in the priority.

Certainly a simplified scenario. Nevertheless, it shows how the deletion periods can be precisely controlled depending on the respective company process. The settings made in the various areas enforce compliance with data protection regulations. 

For companies above a certain size, there is a comprehensive documentation obligation regarding the handling of personal data. bitfarm-Archiv makes a valuable contribution here with the report of effective document retention periods, which can be created at any time at the push of a button. The creation and ongoing maintenance of the register of processing activities becomes - with regard to the DMS - child's play. Are you interested in a video demonstration around the topic? We glady invite you to our YouTube Series (please enable english subtitles).