Data Retention - Don’t be caught out!

There is a small change in the Data Protection law coming in May 2018, now I’m being a little sarcastic when I say little. The changes really are game changers so I thought I’d share one of those obligations with you which will have significant ramifications if not done correctly.

The obligation is around data retention or how long you keep documents which hold personal data. Let’s work on the principle that you have to hold on to you files for 6 years (once they have been finished with), at that point they should be destroyed, a fairly simple process to put in place moving forward, but I’m sure the first question you’re going to ask is what about the data we already hold?

Great question, but the same obligation applies, so if you hold personal data for more than 6 years it should really be destroyed (if you no longer deal with them), that includes all the personal information pertaining to those individuals. That might be archived files, in might be paper files in filling cabinets, it might be email, electronic files or documents stored on desktops.

The key point here is that all of the data needs to be destroyed and not just some of it. So not checking every nook and cranny and being 100% sure that everything has been destroyed is a breach of the Regulation.

For some industries that will be easier than others, but the Regulation applies to all.

Hopefully this makes sense and your all well briefed on the changes and how they can affect your business, if not then please do get in touch.

By Jezz Gobran

I-secured

Back to News