Organisation and GDPR

GDPR - How to set data retention

Every type of document you upload or create through Legalesign has a data retention policy assigned to it and you can set these either at a per team or a per document level.

Go to the Organisation mini-site and click on "Data Retention" in the left hand column.

You will see a list of all your teams. Click on on one of the teams "Edit" and you will see the data retention settings for each document type: sent & signed documents, email attachments, your PDF/Word uploads, and text templates.

For each type of document you can set your default data retention period within that team, for up to seven years.

In addition, each document class has the tick box "Lock document retention - team user cannot change". This is ticked on by default. With this option you can set whether or not individual users can set data retention on a per-document basis within the team.

This is what the data retention page looks like for a team: Data retention screenshot on Legalesign At the bottom of that form are two additional options "Set signed pdf retention at a template-level", and "Approve all automated decisions".

If you tick to "Set signed pdf retention at a template level", this means that on the PDF edit page you will get the option to apply a specific retention period to any documents sent using that PDF template. You might use this if you have a re-usable PDF document that has its own data retention policy.

Those users should visit the "Delete Data" section where they can see the document(s) that have expired and manually click to issue a final approval.

If you have many documents then this may not be practical and you may to use automated deletions. In which case untick this box and the system will go ahead and remove any documents when it detects a data retention policy has been met.

All deletion events are logged within the "Delete data" section of the Organisation webpages. Files are removed permanently while database records have their data wiped (although a record that there was a record still exists).

Because data (and potentially personal data) is stored in the database record (for example, field data) as well as in the document file, everything is wiped.