Do you, like me, have a habit of buying lots of fitness gadgets with the intention of using them regularly? I had a look recently at what I had and oh, my! They are starting to clutter up the place!
I start out with good intentions, and leave them in view just in case I get the urge to exercise. But instead all they are doing is gathering dust, leaving them prone to theft or accidental loss!
So, how about you? No, I’m not talking about the gadgets in your home, but what about all the personal data you are collecting over time on your customers, suppliers, and employees? Are you doing something similar by storing it just in case it becomes useful again?
If you are then you need to have a re-think now that the GDPR is here. Under Article 5 there is a principle relating to storage limitation which details that personal data shall be retained only for as long as necessary and for the purposes for which the personal data was processed.
So, do you have a current up to date data retention policy in place that you periodically review?
- Does it include information in all its various forms? i.e. paper, stored electronically or held on film, or other media. It could include text, pictures, audio and video. Also, information transmitted by post, by electronic means, and by oral communication, including telephone and voicemail?
- Does it include the lifecycle of the information from creation through storage and utilisation to disposal?
If you don’t, then I would recommend you get something in place; below are a few questions you might like to think about:
- Do you know what personal data you hold and why you need it?
- Can you decide upon and justify how long you should keep personal data for, giving due regard to the legal, regulatory, business and individual needs?
- Can you ensure time-periods for retention, are discussed, agreed and documented?
- Will you regularly review your information and erase or anonymise personal information when you no longer need it?
We all accumulate data over time, and we should regularly have a look around us to see if we still need it. Like the gadgets in our draws, we might have some valuables stored away that we should be taking more care of.
If you want assistance in devising a Data Retention Policy or anything else GDPR related, then why not have a chat with The Agenci and we can look to work with you through the process.
Agenci Information Security is responsible for protecting businesses from cyber threats, cyber-attack, internal threats and business outages. Agenci Information Security ensures clients systems are secure and provide peace of mind through a range of proven specialist information security solutions.
Please contact us here to speak to a member of our team.