GDPR compliance

GDPR came into effect on 25 May 2018

Data privacy with Zetadocs

On 25 May 2018, a new European privacy law took effect. The General Data Protection Regulation (GDPR) establishes strict global privacy requirements governing how personal data is managed and protected whilst respecting individual choice, no matter where data is sent, processed, or stored.

As part of your effort to comply with the GDPR, you will need to understand how the regulation defines personal and sensitive data and how those definitions relate to documents held by your business.

This page has been written to help Zetadocs administrators understand how they can secure access to documents stored in their Zetadocs electronic archive, whether in network folders, in document libraries in SharePoint Server, or online in Office 365, using a combination of access permissions and multi-factor authentication.


Your obligations

Most businesses will have a legitimate interest to process documents that may contain personally identifiable information (PII). These businesses have a legal obligation to ensure that these documents are securely stored and that access to them is limited to appropriately authorised staff, and only whilst they have a business interest to do so.

GDPR requires you to implement appropriate technical and organizational security measures to protect personal data and processing systems. In the context of the GDPR, processing can mean any operation or set of operations, such as document capture, storage, retrieval, approval, delivery and destruction.

Document capture

Zetadocs multi-user document queues store scanned documents temporarily on Windows network folders until they are processed, linked to related Microsoft Dynamics 365 Business Central or NAV records, and permanently stored in the electronic archive for retrieval at a later date.

Zetadocs administrators must ensure that these network folders are only accessible by the Windows accounts of the staff responsible for processing these documents. Each Zetadocs Document Queue settings page in Business Central or NAV specifies the network path and has the option to delete the scanned document after it has been successfully archived, which is recommended.

Document storage

Zetadocs provides two options for archiving documents:

  • Zetadocs SharePoint Extensions using SharePoint Document Libraries
  • Zetadocs Archive Service using network folders on Windows file servers

Zetadocs archives documents in a configurable three-tier folder name structure defined on the Zetadocs General Settings page in Business Central or NAV, or in code for custom folder needs. See the File planning advice articles in the references section of this page for more information on setting an appropriate folder structure.

Document retrieval

Only staff with a legitimate business interest should be able to access documents in the Zetadocs electronic archive.

Zetadocs uses Windows network security and SharePoint library permissions to protect access to archived documents. See the Manage access articles in the references section of this page for more information on setting the appropriate permissions on archive folders.

SharePoint Online (Office 365) customers also have the additional security verification option for their cloud-based electronic archive. See the references section of this page for more information on setting up multi-factor authentication (MFA) with Zetadocs.

Document approval

Zetadocs Approvals serves up documents from the Zetadocs electronic archive to Microsoft authenticated account users for approval.

Zetadocs Approvals supports Microsoft Work and School accounts in addition to Microsoft Personal accounts. These accounts can be enabled with multi-factor authentication if the business requires additional security verification.

Document delivery

Zetadocs Delivery can be configured to automatically attach additional related documents that are stored in the electronic archive or other network folders to outbound Business Central or NAV reports.

Businesses sending sensitive information via Zetadocs must consider the Document retrieval advice above to ensure that only sending staff have access to sensitive documents in the archive.

Zetadocs Delivery customers must also guard against document leakage by ensuring that the intended recipient is correct. They must only use email addresses and fax numbers stored against the intended Business Central or NAV contact, rather than entering these manually when sending, and must confirm receipt of a test message before sending sensitive information.

Document destruction

Businesses should only keep documents for as long as they have a legitimate business interest to do so. Typically for Zetadocs customers, this period is governed by the number of years they must retain documents for tax or audit purposes.

Zetadocs makes it simple to identify target documents for deletion if you have configured a date in the archive folder name structure.

References

SharePoint Archive file planning advice

Zetadocs Archive file planning advice

Manage access to SharePoint Online (O365) folders

Manage access to SharePoint Server folders

Manage access to Windows Server folders

Enable Zetadocs Delivery and Capture with MFA

Enable Zetadocs Approvals with MFA


Disclaimer

This page is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your business. We encourage you to work with a legally-qualified professional to discuss GDPR, how it applies specifically to your business, and how best to ensure compliance.

Last updated 18 December 2018.
