Data communication ecspand invoice processing
To understand how to approach the GDPR (German: DSGVO) with regard to ecspand invoice processing, it is necessary to explain which data and services exist, how they store information, and how they communicate with each other. Since ecspand invoice processing is typically a process involving a large number of components, we focus exclusively on the data storage of the product ecspand invoice processing.
Representation of the data stream in a typical ecspand invoice processing installation

In a typical process chain for invoice processing, the following components are involved:
a scanning line for the digitization of invoices
an ImportService for the transmission of data to SharePoint
an ArchiveConnect module for an import into the ERP system (SAP, Dynamics NAV, Dynamics AX)
ecspand invoice processing in Microsoft SharePoint
a d.ecs storage manager with a connection to an archive
the d.velop task processor
As mentioned above, we only look at the data storage and data communication flows of the ecspand invoice processing in Microsoft SharePoint and additionally look at direct transmission paths.
General
Depending on your country's principles, incoming invoices are documents which are often subject to superordinate legislation in addition to the EU-GDPR.
The obligation to retain documents is regarded as taking precedence over a request for erasure by a natural person. The objects come from suppliers or creditors and are located there.
Handover from the scanning line to the ecspand Import Service
Depending on your actual installation of the ecspand Import Service, you will probably have one or more folders where the scanned invoices are stored for the import in Microsoft SharePoint.
If the Import Service is enabled and the documents stored there have no errors, they are processed asynchronously after a short while.
However, this means that invoices may remain in these folders if they are faulty and cannot be processed, or if the Import Service is not active at all to process these invoices.
If you have identified that the scanned invoices require special protection, make sure that the folder is not accessible to everyone, even though it is typically not located on publicly accessible servers.
Configure a permission on the folder, for example for the service account of the Import Service only. Thus, the invoices are not directly accessible. Optionally configure monitoring with the d.ecs which actively notifies you if the folder contains objects that remain longer than desired.
Also take into account whether you have to consider the paper-based invoices in this scenario and whether you handle the physical objects in this process.
After the import into Microsoft SharePoint, a so-called receipt file is provided for the import into the ERP system; the ERP system stores it and generates the respective objects. The considerations above also apply to this folder.
Moreover, please consult the documentation of the scanning products used and the general procedures for the physical handling and protection of the disks in operation.
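The two checks recommended above for the import folder (and equally for the receipt file folder) can be run as a scheduled script. The following is an added example, not part of the product or its documentation; the folder path, the service account name and the 60-minute threshold are assumptions to be replaced with your own values.

```powershell
# Added example: audit an Import Service pickup folder.
# Folder path, account name and threshold are hypothetical placeholders.
param(
    [string]$ImportFolder   = 'D:\ecspand\Import',
    [string]$ServiceAccount = 'CONTOSO\svc-ecspand-import',
    [int]$MaxAgeMinutes     = 60
)

# Identities allowed to hold rights on the folder. On a localized Windows
# installation the built-in names differ and must be adjusted.
$allowed = @($ServiceAccount, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$AllowedIdentities)
    # Any "Allow" entry for an identity outside the allow list widens
    # access to the scanned invoices (-notcontains is case-insensitive).
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $AllowedIdentities -notcontains $_.IdentityReference.Value } |
        Select-Object @{n='Identity';e={$_.IdentityReference.Value}},
                      FileSystemRights, IsInherited
}

function Get-StaleFile {
    param([string]$Path, [int]$OlderThanMinutes)
    # Files still present after the cutoff were not picked up: either the
    # document is faulty or the Import Service is not running.
    $cutoff = (Get-Date).AddMinutes(-$OlderThanMinutes)
    Get-ChildItem -LiteralPath $Path -File -Recurse |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        Select-Object FullName, LastWriteTime, Length
}

$acl   = @(Get-UnexpectedAccess -Path $ImportFolder -AllowedIdentities $allowed)
$stale = @(Get-StaleFile -Path $ImportFolder -OlderThanMinutes $MaxAgeMinutes)

if ($acl.Count)   { Write-Warning "Unexpected access on ${ImportFolder}:"; $acl | Format-Table -AutoSize }
if ($stale.Count) { Write-Warning "Files older than $MaxAgeMinutes min:";  $stale | Format-Table -AutoSize }

# A non-zero exit code lets a scheduled task or monitoring agent raise an alert.
if ($acl.Count -or $stale.Count) { exit 1 } else { exit 0 }
```

Inherited entries are reported with `IsInherited = True`, which shows whether a broad permission comes from the parent directory rather than from the folder itself.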
Data storage in the ERP system
Consider the data storage in the ERP system separately with reference to the EU GDPR and use the information provided by the vendor. The communication with the ERP system depends on the system:
SAP - RFC
Microsoft Dynamics AX - AX BusinessConnector
Microsoft Dynamics NAV - Standard SOAP
Data storage in Microsoft SharePoint
Having transmitted the invoice and imported it into Microsoft SharePoint, you are operating within the Microsoft SharePoint standard with regard to security. Check the security policies in the product documentation or your actual implementation.
You will find a personal reference in SharePoint at least whenever a UserField is used. In the context of the invoice processing and depending on your installation, you will typically find a personal reference at the following positions.
In the list of persons in charge for cost centers and the delegates.
In the list of distribution groups as a member of a group.
In the list of workflow types as a recipient.
In the actual invoice in the library “Invoices” as the accounting clerk, factual verifier, additional verifier, approver, in the internal notes, in the history, or in the default fields Creator, Edited by and Checked out by.
In the protocol of the workflow history as a participant in the workflow in the library Workflow reports.
Should you find that a right of an affected person applies to this information, search the lists and libraries mentioned above. Please also consider these subjects in your erasure concept.
An example: If a member of staff who took part in this process is leaving your company:
Remove the member of staff from all groups in the list of persons in charge.
Remove the member of staff as a recipient from the list of workflow types.
Remove the member of staff from the groups Accounting, Verifiers or the distribution lists.
According to the German “Principles of proper accounting and electronic storage” (GoBD), a logged participation in a release process or the invoice itself must not be prematurely deleted. Thus, you must apply exceptional deletion procedures to all invoices and workflow protocols.
Please consider the terms of the GoBD and apply regular deletion cycles on expiry of the respective retention times. Please define the deletion cycles in your individual deletion concept.
Structure and handling of individual tables in the context of invoice processing
When installing the invoice processing, an individual database is generated providing the following data.
IPConfiguration to store the configuration. The person who saved the configuration is recorded.
The login name is stored here but the record is merely technical.
IPGOBD to maintain the communication with the ERP system.
This information is required for auditing based on the German principles of proper accounting and electronic storage (GoBD) and is thus regarded as taking precedence over the EU GDPR.
ObjectLocks to prevent parallel processing of one invoice by two competing users.
This technically tracks whether an invoice is currently being processed by another person. The user name is also stored. This table is of a merely technical nature and does not contain any personal data. This table is automatically cleared on a regular basis.
TaskGridSettings to store the views in the task webpart of the user
Apart from a technical login name, this table only contains technical data to store a personalized view of a task webpart.
TaskGridLastSelectedSettings to store the last use of a view in the task webpart containing the login name to identify the personal view.
WorkflowTaskHistory to store all user decisions and comments.