GDPR compliance

GDPR came into effect on 25 May 2018

Data privacy with Zetadocs Expenses

On 25 May 2018, a new European privacy law took effect. The General Data Protection Regulation (GDPR), establishes strict global privacy requirements governing how personal data is managed and protected whilst respecting individual choice no matter where data is sent, processed, or stored.

GDPR requires you to implement appropriate technical and organizational security measures to protect personal data and processing systems. In the context of the GDPR that requirement extends to “data processor” service providers like Zetadocs Expenses.

This page has been written to explain how Zetadocs Expenses secures personal information and any measures you may need to take to comply with GDPR.

Data policy

Under GDPR, each and every business has an obligation inform their staff how any personal data will be used and how long they will keep it for.

Zetadocs Expenses customers are advised to consider extending their staff employment contracts or policies to include the use of the expense management platform and their evidence retention policy for tax or audit purposes.

Data storage

Zetadocs Expenses stores captured receipts and other documents on the platform as evidence items for business expenses. Both the recorded expenses and these evidence items may contain personal identifiable information (PII).

Zetadocs Expenses treats all evidence items as personal data and encrypts them at rest to keep this personal data safe and secure. Recorded expenses are protected by Azure SQL Database access control.

Data access

Most businesses will have a legitimate interest to process receipts and other evidence items that may contain PII. These businesses have a legal obligation to ensure that these evidence items are only accessed by appropriately authorised staff whilst they have a business interest to do so.

Zetadocs Expenses adopts a role-based permissions approach to ensure that only the desired authorised staff have access to recorded expenses and evidence items. See the Zetadocs Expenses Help for more details on managing these roles in Zetadocs Expenses.

Data destruction

Businesses should only keep expense evidence items for a long as they have a legitimate business interest to do so. UK businesses must retain receipts for tax or audit purposes, for eight years in the case of VAT inspection. This business need takes precedence over the individual’s right-to-be-forgotten.

Zetadocs Expenses customers could consider recommending that submitters redact any personal information which is not required by the business ahead of uploading them to the platform, such as details of non-business-related items they have purchased.

Parallax image for How it works


Zetadocs Expenses Service Terms


This page is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your business. We encourage you to work with a legally-qualified professional to discuss GDPR, how it applies specifically to your business, and how best to ensure compliance.

Last updated 25 May 2018.

Equisys Logo, Document Management and Expense Management for Business Central

Replaced by script