How to comply with GDPR. Retention policy made simple

HOW TO EMBED GOOD GOVERNANCE IN YOUR RECORDS AND DOCUMENT MANAGEMENT

Records management is a hot topic with the EU General Data Protection Regulation (GDPR) coming into force this year. This new directive poses a risk to businesses compared with previous versions as sanctions can be up to four percent of a company’s worldwide turnover.

The good news is that a retention policy that enables organisations to capture, manage and destroy information automatically is relatively simple to achieve.

IS YOUR RETENTION POLICY GDPR-READY AND ENFORCEABLE?

Many organisations are able to track usage of records, files and documents. But the question is, do they have an enforceable retention policy?

A retention policy sets the time that information, data and records must be managed and retained. It provides a framework for employees on how they should manage information - from creation to destruction – to comply with data management regulations.

A retention policy includes both paper and digital formats, which adds an element of complexity if a paper version has been printed and tucked away in a drawer.

APPROACHES TO RETENTION POLICY ENFORCEMENT: MANUAL OR AUTOMATED?

When individuals are left to monitor and enforce a retention policy, it involves significant manual intervention, time, effort and cost.

Alternatively, organisations that ruthlessly delete files that have reached their end of life (EOL), without any forewarning for staff, could potentially lose important records.

Neither approach is satisfactory.