Data retention

Data retention

Due to GDPR regulations, we are not allowed to retain collected data longer than necessary. To comply with these regulations, you can now define retention periods for specific data in Spend Cloud. In this article, we will explain step by step how to configure and use the 'Data Retention' functionality.

At this moment, you can use this functionality to delete emails in the Mailbox after the retention period set by you has expired. If you also want to delete old invoices and/or orders, click here.

Setting Rights

There are three options for Data Retention within the permissions in Spend Cloud. An administrator can assign these permissions to a permission set by navigating to Application Management / Organization / Permissions.


  1. View
When 'View' is assigned, the user has access to the overview and can view all data.
  1. Edit
When 'Edit' is assigned, the user can modify the retention periods.
  1. Review
Once a rule has been edited, it must be reviewed by another user. Users with the 'Review' permission have the ability to review the rules and thereby activate or terminate the set retention period.

Once the retention date has passed and the data is deleted, this data cannot be restored. Therefore, exercise with caution when granting edit and review permissions.

Viewing Retention Periods

You can access the data retention overview by navigating to: Application Management / General / House keeping.

Upon opening this overview, you immediately see all retention periods. The details are organized by modules and subitems. This provides a structured overview of all retention periods. For now, only the 'Emails' section within Invoice Processing is available. The set retention period for this item applies to all emails sent within the Invoice Processing module. When the retention period expires, these emails will be deleted from Spend Cloud. Over time, retention periods will become available for multiple modules and subitems.


Image 2: Data Retention - Show

For example, you can choose a retention period of 7 years.

Activation

By default, all rules are deactivated, so we will never delete data without review. To activate a retention period, we have implemented a workflow. After a user has modified the data, another user (with the appropriate rights) must then review these changes. This ensures that data is not deleted "accidentally."

You can activate a data retention rule by navigating to the editing page. This page is accessible by clicking the "Edit" button in the upper left corner of the overview.

Setting the Period

To activate a retention period, you must first enable the period on the editing page. You can do this by clicking "Yes" in the "Enabled" field. Only when "Yes" is selected will the drop-down list for "Retention Period" become active.

Using the dropdown fields, you can specify the retention period. For example, if you select "2 years," Spend Cloud will delete all emails older than two years. When you click the "Save" button, the details will be sent to the relevant reviewers. They must then review and approve or reject the changes.


Image 3: Data Retention - Edit

The following data cannot be modified on the editing page:
  1. Status

This value indicates the status of a rule. The default status is "Inactive." When the retention period is updated, the status changes to "To Review." If the retention period is approved, the status changes to "Active."
  1. Created

This field shows the date, time, and user who initially set the retention period.
  1. Modified

This field shows the date, time, and user who edited or reviewed the data retention rule (all changes after the initial update).

To update the retention period, a different reviewer must be involved than the user who updated the rule. If no reviewer is available, the rule cannot be edited. Rules cannot be updated if they are awaiting review (status = "To Review"). This also applies to the other rules within the module. If you want to deactivate an activated rule, you must select "No" in the "Enabled" field. After saving the rule, the change must still be reviewed, and after approval, Spend Cloud will stop deleting the data.

Assess

The assess overview is accessible by clicking the "Assess" button in the upper left corner of the display page. This button is only active if the user has review rights and when data is actually up for review.

In the assess overview, two options are available:

Click on the "Show" icon. This navigates you to the display page.

Click on the "Assess" icon. This navigates you to the review page.


Image 4: Data Retention - Review

The assessor is responsible for checking the information within the data retention rules. After the review is performed, the assessor can use the yellow marker to indicate whether the rule can be approved, disapproved, or put on hold. If "Disapprove" or "On Hold" is selected, a remark must be provided for the chosen action.

When the rule is disapproved, Spend Cloud will not delete the data from the rule. The rule now has the "Inactive" status and can potentially be edited to set a different retention period. If you want to verify the data with management or the board first, you can put the rule "On Hold." The status changes to "On Hold." Spend Cloud will not delete data yet, even if the specified date has passed. Data will only be deleted once the rule is approved.

If you find no issues with the rule, select "Approve." The status of the rule changes to "Active." After the retention period expires, Spend Cloud will begin deleting the data.

After the specified retention period expires, Spend Cloud will only delete data under the following conditions:
  1. "Enabled" is set to "Yes."
  2. The retention period is approved.
  3. The status of the rule is "Active."
The user who set the retention period cannot review the rule (the review button is inactive). The review must always be done by a different user than the one who created the rule.

Workflow History

At the bottom of the rule, the workflow history is visible. This overview shows information about changes in the rule, such as:
  1. Status changes
  2. Approval
  3. Rejection
  4. On Hold
  5. This includes details about the status, offered to, sent by, date, and comments.


Mutation Overview

The mutation overview is accessible by clicking the "Mutation Overview" button in the upper left corner of the display page. This overview provides all historical changes within "Data Retention" (update and review values). This overview shows when the changes occurred and what the changes were.


Image 5: Mutation Overview


    • Related Articles

    • Deleting data within Invoice Processing

      Within the Spend Cloud, we process a lot of data. In principle, we do not delete data unless requested. Users can delete emails themselves using the housekeeping functionality within the Spend Cloud. This is currently the only place where customers ...
    • Delete data from the Spend Cloud (GDPR)

      It is now known to everyone that you cannot store data and personal data indefinitely. After the data has served its legitimate purpose, it must be deleted. This can be read in article 5.1. of the GDPR. In this article we will tell you how the Spend ...
    • Transition to a new financial package

      Introduction When transitioning to a new financial package within the organization, configuring and integrating the Spend Cloud with the new financial package is essential. The Visma | ProActive account manager can be contacted to schedule a ...
    • Employee and role import

      This article describes how to set up an employee and role import in the Spend Cloud. The combination of both imports automates user management in the Spend Cloud. Employee Import In organizations with a large number of employees, hiring and departure ...
    • Manual to start using SCP upload

      You can upload files in the Spend Cloud to have them automatically processed in the import planning. To make the uploading process of these files as automated and secure as possible, it is recommended to upload these files via SCP upload using ...