How to Ensure Compliance via Document Retention
Compliance is a constant battle for business leaders. Even small infractions can be damaging between the fines and reputational harm. In previous articles, we looked at how UI/UX can enable more effective audit trials, but there’s another side to the story.
The right Electronic Document Management Systems (EDMSs) should make it easyfor employees to manage files. However, senior leaders also need to establish document retention guidelines for employees to follow, and use an EDMS to maintain them effectively.
To find out more, we sat down with James Baxter, one of Formpipe’s Software Developers working on Autoform DM. In this interview, he discussed why document retention is so important to ensure compliance, what document retention best practices look like, and some of the recent document retention developments within Autoform DM.
James, hello! Could you kick things off by telling us a little about your role at Formpipe and how it relates to Autoform DM?
So, I currently work on the development team. However, I have held various other roles in the past, including departmental management and solution architecture.
Altogether, this means I’ve been at Formpipe for something like 5 years. These days, I mostly focus on application development and build automation within Autoform DM.
Great! So, why is document retention so important for businesses today?
Well, document retention is crucial for businesses for several reasons, including legal, financial, and operational considerations.
Like most businesses, our customers place great importance on complying with legal requirements. Depending on the industry and country, they may be obligated to retain certain types of documents and for a specific period, too. Obviously, failure to meet these requirements can result in legal and financial penalties - not to mention harm to the company's reputation!
There are also lower-stakes or more mundane areas, like simply running your business effectively. Different client contracts, SOWs, invoices or customer data can quickly become difficult to manage without the right software. So, having document retention guidelines specifying where and for how long you store documents becomes essential.
On that first part, then – how long should a document/record be stored for and what should happen when it’s no longer needed or active?
The length of time an organisation should retain a document or record depends on a few different factors. These include specific document retention laws (GDPR being one), the type of document, the industry, and the organisation's internal policies.
Regardless, when a document is no longer required, it should be securely removed. I think this is where some organisations go wrong: making this process more difficult than it should be. The process and steps to remove a document from your database should be easy to understand. That’s why things like the software’s UI/IX are critical.
How does the right policy help organisations remain compliant with document retention laws like GDPR?
Fundamentally, GDPR requires organisations to limit the amount of personal data they collect and retain. The right document retention policy can help organisations reduce the amount of personal data they process and store.
This means they only retain data that is necessary for legitimate business purposes since everything else isn’t included in the first place. From here, like I said above, anything that then expires can be properly removed.
Why is it important for businesses to remain GDPR compliant and what is the cost of non-compliance (both financially and from a reputation perspective)?
In the EU, non-compliance with the GDPR can result in some costly fines. These can range from 2-4% of a company's global annual revenue or €10 million to €20 million (whichever is higher).
A data breach or violation of GDPR can also damage a company's reputation, which can result in a loss of customers, revenue, and investor confidence. Companies that take data privacy seriously and have robust data protection measures in place are likely to be more trusted by customers and investors.
Of course, the cost of non-compliance with other document retention laws depends on where you operate. We have customers in the US and APAC region, so we follow the strictest global standards to ensure they’re always protected.
Today, 77%* of business owners want to access files remotely, how does this affect document retention strategies and compliance?
In addition to the impact on document retention strategies and compliance mentioned earlier, remote access to files can increase the risk of non-compliance being discovered and litigated. This is because files and company data can be exposed to threat actors without the right access tools in place.
The trick is to find a cloud-native EDMS so you can benefit from the added security features that cloud computing offers. Ideally, you’d want to run everything in the same cloud architecture so you don’t have to worry about extra integrations, but a lot of SaaS software is cloud-agnostic, so there are plenty of options depending on your current and future IT environment.
What is Autoform DM’s new document retention policy and how does this differ from what was available in previous versions of DM?
We’ve introduced a new native capability to DM that enables it to recognise the expected lifetime of a document. This means that document retention periods can be applied without requiring any external components, which simplifies the entire process and reduces the risk of non-compliance.
We’ve also prioritised the user experience by allowing them to mark entire categories of documents as ‘expiring’ when a document reaches a certain age, as well as tagging specific documents with an expiration date. This means that your document retention policy can be automatically executed according to your guidelines, giving you less to worry about.
Why did Formpipe decide to launch this new document retention policy? (e.g. was it a reaction to tightening compliance rules? Did you get specific customer feedback?)
Yes and no. The move is part of a larger and ongoing strategy to enhance the "out of the box" capabilities of the software, whilst maintaining simplicity and promoting resilience.
We’re always listening to what our customers are saying and trying to think of ways to meet and exceed their needs, so it’s a combination of both, really.
How does the policy help protect DM customers from accidentally deleting data or not complying with document retention laws?
The system can be configured to prevent ad-hoc deletion. This means that it ensures documents can only be removed in accordance with pre-arranged retention (or deletion) rules. So, more documents you expect to be deleted are, and files you expect to stay around do so automatically.
What were the most important steps of developing these features and what did you have to take into consideration?
Like always, we look at our customers’ needs, how they fit within existing regulations and where there are or might be gaps in the future. Our aim was to design an intuitive yet powerful feature set that caters to a wide range of business scenarios, without surprising users with unexpected system functionality.
Additionally, we want to ensure the process is technically fast and robust, given the high volumes of data that are processed through these systems. We’re confident that what we’ve developed satisfies all these areas and users can easily create document retention guidelines to rely on.
What was your favourite part of the development process for DM’s document retention policy and why?
I'm particularly proud of the automated CI/CD process we have in place. The update allows developers to easily push them to a central location. From here, they’re then run through a battery of automated tests before being deployed to a dynamically provisioning instance of the software for peer review.
Is the new document retention policy already available to DM customers? If not, when can they expect it to come into place?
Yes, the wait is finally over! We are excited to announce that the release is now available. Without giving away too much, we've implemented some fantastic changes that we believe our customers will love.
Looking for a digital archiving solution that offers secure file access, first-class user experience and seamless integration? Autoform DM is easy-to-use and is compliant with ISO 27001, with a customisable audit trail. Find out more here or book a demo below.
