
GDPR - How to set data retention

Every type of document you upload or create through Legalesign has a data retention policy assigned to it. You can set these policies at either a per-team or a per-document level.

Go to the Organisation mini-site and click on "Data Retention" in the left-hand column.

You will see a list of all your teams. Click "Edit" on one of the teams and you will see the data retention settings for each document type: sent & signed documents, email attachments, your PDF/Word uploads, and text templates.

For each type of document you can set your default data retention period within that team, for up to seven years.

In addition, each document class has the tick box "Lock document retention - team user cannot change". This is ticked by default. This option controls whether or not individual users can set data retention on a per-document basis within the team.

Be aware that updating the policies at the Organisation level will apply to all documents, past and present. If you enable users to set policies on a per-document level, however, you will need to return to each individual document if you wish to alter that policy later.

This is what the data retention page looks like for a team:

[Screenshot: data retention page on Legalesign]

At the bottom of that form are two additional options: "Set signed pdf retention at a template-level" and "Approve all automated decisions".

If you tick "Set signed pdf retention at a template level", then on the PDF edit page you will get the option to apply a specific retention period to any documents sent using that PDF template. You might use this if you have a re-usable PDF document that has its own data retention policy.

The "Approve all automated decisions" option is ticked by default. When the system detects that a data retention policy has been met, it checks whether "Approve all automated decisions" is ticked. If so, it will require a human to approve the deletion. All users with the correct permissions will receive an email alerting them that a policy has expired.

Those users should visit the "Delete Data" section where they can see the document(s) that have expired and manually click to issue a final approval.

If you have many documents then this may not be practical and you may want to use automated deletions. In that case, untick this box and the system will go ahead and remove any documents when it detects that a data retention policy has been met.

All deletion events are logged within the "Delete data" section of the Organisation webpages. Files are removed permanently, while database records have their data wiped (although an entry showing that the record once existed remains).

Because data (and potentially personal data) is stored in the database record (for example, field data) as well as in the document file, everything is wiped.