Although some countries require certain types of documents to be kept and archived in their original paper form, for most categories of documents, including HR-related records, there is no such requirement, and it is generally acceptable to use electronic versions of paper records (i.e., scanned copies of paper originals) during most government agencies’ inspections and audits or in court proceedings.
The evidential or probative value of electronic versions of paper records may be more easily challenged before a court than it would be for the originals. This is mainly because the original records could be tampered with or changed before being scanned, and, unless proper technology has been used (e.g., encryption and timestamping), it may not be easy to detect such changes from a scanned copy. In specific situations, it may be good practice for employers to retain archives of paper originals in the event such originals would be requested by a specific investigator, auditor, judge or authority.
While Denmark does not have a specific law relating to electronic archiving of paper originals for private individuals or legal persons, the Danish IT Security Council created guidelines based on legislation and case law in 1999. “It is the opinion of the Council that an organisation that follows the guidelines will generally be able to produce evidence for the content of a digital document (authenticity and integrity). The level of security outlined in the guidelines should be sufficient for most organisations.”1
In other words, scanned copies of paper documents are legally valid and may be presented as evidence if the validity of the record can be proven through an assessment appropriate to the situation. In order to use a digitized record of a paper original, organizations should be able to prove that the content of the digital version is identical to the original.
While there aren’t specific legal requirements in the GDPR or in the Data Protection Act relating to archiving systems, there are a number of factors to take into consideration, such as:
In addition, electronic archiving systems must comply with security requirements as outlined in Article 32 of the General Data Protection Regulation. The Danish Data Protection Agency requires that companies prepare an Article 32 document describing implemented technical and organizational measures. When external IT-providers are used to process personal employee data, a data processing agreement should be entered into between the parties.
HR Best Practices: The full electronic archiving era is approaching, but for now it is not possible to guarantee that all paper documents can be destroyed. Indeed, the acceptance of digital copies remains subject to the discretion of the judge. Similar to the electronic signature, electronic archiving will probably also develop to a three-level structure: simple, advanced and certified archiving. Over time, this means that certified electronic archiving will make the burden of proof fall under the responsibility of the challenging party.
1 2013. "Digital Documents – the Weight of Evidence." Ministry of Higher Education and Science. June 18. Accessed January 29, 2018. https://ufm.dk/en/publications/1999/digital-documents-the-weight-of-evidence?searchterm=it%20security.