Procedural Documentation according to GDPdU
The tax authority's administrative provisions - GDPdU (Principles on Data Access and Verifiability of Digital Documents) and GoBS (Principles of DP-based Orderly Accounting / Bookkeeping Systems) - define the requirements that apply to electronic archives, for instance. If a company wants to keep tax-relevant documents - for inspection purposes - solely in an electronic format, these requirements need to be fulfilled. The GDPdU, for instance, dictates audit-safety for the archived documents, i.e. an effective protection against alteration and deletion has to be implemented. What this is supposed to look like is not defined closer. In the past years, the industry offered various - often expensive - methods related to audit-safety. Examples include the still commonly used WORM and UDO jukeboxes.
In one of the recent annually published Statements of the Tax Authorities, dealing with the practical implementation of the GDPdU and the GoBS, made a clean sweep of the unertainty of many companies regarding orderly digital archiving. Questions concerning permissible storage devices for the GDPdU are answered by the tax authorities with the following statement: "The requirements were consciously formulated NOT to stipulate a specific type of technology or storage device". Thus, the storage on a server's normal harddisk is also permissible, if the GDPdU's requirements are implemented. bitfarm-Archiv DMS realises this with a soft-WORM procedure, which implements the stipulated restrictions on the software's side.
Evidence for the audit-safety of a Document Management System according to GDPdU is given by the Prodecural Documentation. On the one hand, this is the technical documentation of the utilised procedure on the software provider's side. On the other hand, it is the documentation of the organisational procedure within the company. In other words: who collects which documents where, when and how and what happens to them further. Lastly, to have a digial archiving solution recognised as GDPdU-conform, the sufficiency of all tax-relevant documents in the digital archive must be deducible from the organisational part. "Certificates", no matter what kind and issued by who, are not accepted by the tax authorities. This is also clearly pointed out in the current Statement again. Some providers like to advertise and draw customers with these certificates. Yet they do not have a binding force towards the examiners; here the presentation of a Procedural Documentation according to GDPdU is the only accepted proof. It is the task of every company, that wants to benefit from the saving of space which the electronic storage offers, to draw up such a documentation. bitfarm-Archiv provides the technical part of the documentation on each project and gladly helps drawing up the organisational part.
Please note: this only refers to the documents that have fiscal relevance. Documents with juridical relevance, e.g. contracts, have to be kept as the original. To sum up: tax authorities accept electronic receipts; the courts of law - in cases of dispute - will only accept originals. This is because the genuineness of signatures can only be attested from an original document.