Personal data protection: Why a Records Management System is the perfect solution to effectively implement the GDPR.

One year in, since it came into effect in all countries of the European Union, the General Data Protection Regulation (GDPR) continues to give rise to considerable doubt and questions in many organizations. As a vendor of records management and digital preservation software, we at Arcsys are regularly approached by customers for assistance in ensuring their ERMS (Electronic Records Management System) meets GDPR compliance requirements. Often, we discover that substantial confusion prevails over the regulations, leading to the belief that the GDPR is an additional obstacle for records management systems. Admittedly, the fact that some of the key principles are summed up in just a few words – the Right to be Forgotten, for example – together with the continuous threat of major fines and the sudden increase in online privacy experts, does not help to see matters more clearly.

In light of the rules laid down by the GDPR, an ERMS provides an excellent means for organizations to meet personal data protection obligations and compliance.

As we know, the GDPR is not intended to prohibit the use, but rather the misuse, of personal data. We also know that the main purpose of an ERMS is to efficiently manage the series of processes involved in the preservation of digital assets. Therefore it is natural for there to be an overlap between records management guidelines and best practices in the ways in which personal data is handled.

Invoicing is a great example that illustrates the benefits of an ERMS when applying the GDPR.

An invoice is a document that businesses have a legal obligation to retain for a minimum of ten years, in most European countries. It is also a document that contains personal information, such as name, address, account number, customer ID, details of items purchased and so on. The GDPR does not specify that you delete or anonymize invoices. However it does stipulate that invoices must be identified as documents containing personal data; that they are stored on file for as long as is legally required and then destroyed; that their integrity is protected; that they are backed-up; that the contained information is not disclosed to unauthorized parties, and so on. All such requirements stem from established standard best practices and guidelines in records management.


If we examine best practices in data privacy recommended by some prominent national authorities in the European Union, (such as BFDI in Germany, CNIL in France, APD in Belgium, ICO in the UK, Garante per la Protezione dei Dati Personali in Italy), we can see a clear parallel with many of the standard functionalities within an ERMS.

  • Identification of what personal data an organization holds and a Risk Assessment

Before a record can be processed in an ERMS, it must first be documented with a set of unique descriptive data that is managed by the system. This information can meet a variety of requirements, including:

  • Functional : index search, retention periods, final disposition, owner, origin
  • Technical : storage media, file formats
  • Legal value : signatures, integrity certificates, timestamps

Any personal data displayed in a document is understood as merely an additional item of information to manage in the record’s description.

  • Management of personal data retention periods

Managing retention periods is a core element in any archive system. Beyond this, an ERMS can implement the applicable final disposition – destruction, permanent and/or partial preservation – once the record’s retention period comes to term.

  • Personal data isolation

With an ERMS, you can create a logical separation between different record categories and manage role-based user access.

  • Back-up of personal data

Records management systems are intended to guarantee the long term preservation of data for a designated retention period. Physical security mechanisms, such as back-up and multi-site storage are therefore standard features in an ERMS.

  • Verification of personal data integrity

Monitoring archive integrity is a common functionality in any ERMS, and a crucial one if there is a requirement to preserve the data’s legal value. Usually, integrity checking is based on an encryption mechanism that calculates a unique footprint for each document.

  • Audit trails

Whether it is electronic or paper-based archiving, audit trails are indispensable. They enable identification of who accesses which document and when. In an ERMS, audit trails track the events of a record’s lifecycle, including access, consultations, integrity checks – as well as events in a system’s lifecycle, such as administration, set-up and configuration, logins/logout, launches, shut down…

  • Managing users with legitimate access

An ERMS manages specific access controls to determine which documents a user has permission to access. In an ERMS users can access only those documents for which they have explicit authorization.

The above list is by no means exhaustive but it gives an indication of the many striking similarities between best practices in the GDPR and the multiple benefits associated with an Electronic Records Management System.

The examples demonstrate that the GDPR should not be considered as an extra burden for the ERMS. Quite the contrary, the GDPR brings additional evidence of the importance of an ERMS within in an organization as it centralizes all digital assets and enables the streamlining all related data management processes.

For this reason, an Electronic Records Management System serves as the ideal framework to ensure full compliance with data privacy obligations, in view of the GDPR.