Six steps to protecting your data this holiday season

There’s more to data breaches than lost or stolen paperwork; information can be taken from computers, laptops and USB flash drives. We recognize the value of data and protecting ‘corporate memory’. Below are six key areas in which businesses can prepare this holiday season by adopting basic principles of data collection, storage and destruction.

Understand its value

Start with an audit to distinguish how much data currently stored needs to be kept. Is it ‘records’ or in fact junk or data noise? Destroying unnecessary information can help create a clearer picture for the future. For data that needs to be kept, make sure you know where it is stored, who uses it, how to access it and how to protect it. The key to good data practice is in understanding its value in the first place; so treat data like an asset.

Assign ownership

With fines for non-compliance set at up to 5 per cent of global annual turnover it’s vitally important that someone in the business takes ownership and responsibility for staying up to date with new regulations. Make it clear which role in your business has responsibility for each type of data - whether it is the IT Manager, CIO, Records Manager, Office Manager or an outsourced company.

Be prepared

It is compulsory for all companies in the EU to have a system in place for dealing with data breaches, including processes for notifying anyone affected by a breach. So why wait? Clear and well-practiced procedures should be put in place now – not least to identify who is responsible for reporting.

Seek advice from expert 

Under current plans any organization with more than 250 staff will have to appoint a Data Protection Officer – but all companies should think about seeking expert advice at the very least. If you don’t want to hire a dedicated angel, you can outsource to a trusted partner. Crown Records Management, for instance, offers an IM6 audit designed to assess the data management health of businesses and suggest improvements that can be made.

Seek consent and open communication channels 

Companies are required explicit consent from people to gather their personal data; so get those processes in place now. Any company storing personal data should consider what the legitimate grounds for its retention are, and how they will communicate this to customers as we move inevitably from implicit consent to explicit consent.

Change your culture

Start to create a company culture where privacy is considered in every process and at every level of the business. Designing in privacy and making staff aware of its importance - is the key to good data practice as data protection evolves.

For more wise words on how to dispose of company information safely and how to meet regulatory requirements, contact one of our Records Management experts.

We wish you a joyful and safe Christmas, open our Christmas message here.