How to enforce your Data Retention Policy through automation.

If you are aware of what GDPR means or how ISO QA systems work, you already know why you should create a Data Retention Policy or Record Keeping Policy in your organization. Today I want to show how Docuo can help automatize that policy.

In the spring of 2018, we talked about and was mentioned everywhere, the General Data Protection Regulation or GDPR. This regulation was introduced to protect everyone’s data in a more secure manner and to retain that information for as long as deemed necessary.

Since then, companies have been updating or even creating a data retention policy to ensure they are complying with this regulation.

One of the key tools to met these requirements is a Data Retention Policy or Record Keeping Policy.


To recap, a data retention policy is a set of standards or guidelines introduced into a company to help employees know how long a type of document should be kept. These documents can vary from employee records, sales receipts to even call logs and support tickets.

Below is a simple example of what a data retention policy may look like.

What now?

Now companies are comfortable with their data retention policy and how it operates, they may still be enforcing this manually. Manual operations to enforce a data retention policy is a strong solution but does have it’s drawbacks. There is no account for human error, the knowledge that a person will remember to move or delete records or a contingency plan for sickness or rapid business changes.

This is where a smart document management system (DMS) comes into play. These systems like Docuo can not only store such delicate information but can also enforce your data retention policy and act automatically to remove such personal information.

In this post

I will show you two different ideas of how Docuo can help, with a simple solution and a slightly more complex solution.

If you are a subscriber you can try these features out yourself. If you are not a subscriber yet don’t worry you can start a free trial today!

Solution 1

Let´s start with a simple solution, the example could be you have a client database in an Docuo category with vast amounts of personal data. Inline with your data retention policy once a client is no longer an “Active client” you only keep their data for 30 days.

Now, your category may have a simple process created for all your active clients. Great! Now, how do we automate actions to enforce our data retention policy? Let’s begin with, for example, all your clients will have a subscription end date as part of their metadata.

This means you can right-click the transition which is the arrow labelled “Client leaves service” where you can then tell Docuo that once the subscription end date is reached to move that clients information from “Active client” to “No longer client” through the window that looks like this…

TIP* In addition to the automation you can also force the client to move into the “No longer client” state manually by changing the date or moving the record yourself.

OK, so now we know the client is no longer active, how do we tell Docuo to remove that clients information after 30 days? Easy! In the process, we right-click on the state that is the circle labelled “No longer client” where you can now tell Docuo how long the information that is in this state can stay before being removed. You will see a configuration completed like this…

So here you have removed two manual tasks that could be very important and damaging if they are not handled correctly as they are based on time.

TIP* You can also set permissions for certain users to only see documents in the “Active client” state and not the “No longer client” state.

Solution 2

Let’s now imagine a more complex example like a sales offer process which may have an Docuo category process like this…

As you can see we have multiple transitions and states that can all be modified to help enforce your retention policy. Let’s take the transition “Client rejects” leading into the state “Rejected“, now as part of your retention policy all sales proposals not accepted after 14 days must be moved into “Rejected“. Then all rejected sales proposals may be kept for a maximum of 90 days.

First, you must tell Docuo when to move into “Rejected“. Right-click on the transition “Client rejects” and configure a condition like the previous example but this time we choose to move after 14 days and not on a specific date and your configuration will look like this…

TIP* You can create unique links for the client to accept or reject an offer by moving that transition for you.

Now your record has entered into the state “Rejected” like before, right-click the state and configure to delete records in this state after 90 days like this…

You can see both examples allow you too delete the document permanently or delete from the trash instead. The trash has a system set delete time frame that can be accessed in the settings by an Docuo administrator.

you can also repeat the same process for the “Archived” sales proposals and then to have them removed after 2 years (730 days).

TIP* You can set emails to be sent when documents move states or are deleted.

In both examples, you can see the possibilities to help you enforce your data retention policy and to help automate other areas to keep you within your time scales to maintain an active and progressive process.

What processes in your business do you think you could benefit from these features of retention policies and automation?

Don’t forget to log into your repository and try these features for yourself.

Docuo has much more to offer so please get in touch with us here to find out more information or request a demo. If you are currently a subscriber you can open a support ticket or speak to your sales representative.

Thank you and see you in the cloud!!





James Storey