Are you aware of Earth Overshoot Day* ( Global Footprint Network** ) and that we (the human race)...
Data. We (as organisations) store vast amounts of it, whether digital or paper records. Depending on the type of data, organisations are required to keep and/or destroy some of those records - potentially driven by GDPR or government legislation.
- Do you know when a document held by your organisation can or should be deleted?
- Do you know where a document is and can it be easily located?
- Do you know the cost of failing to perform the due diligence to comply?
- Do you know the cost of managing your responsibilities manually?
Taking control of your data
Whether a micro-business or large corporation, the volume of information to manage does not always correlate directly with the size of the organisation. Who is going to manage all those documents to ensure your organisation remains compliant, not only with law but perhaps your own ISO accreditation? Where is the employee time going to come from to review all those folders and work through what stays and what goes?
First and foremost, you need to be aware of the guidelines that govern the retention of your data. The two tables further down can help with a general view but of course there may be other specific requirements related to your specific sector.
Simply put, the only effective (time, cost and consistency) way to manage any volume of documentation governed by compliance is to use a Document Management System (DMS) - define retention policies (based on key document information) and utilise automation.
How much?
Post Brexit, UK organisations may need to comply with two frameworks for data protection (based on the scope of operations):
- UK GDPR, which, with the DPA (Data Protection Act) 2018, applies to the processing of UK residents’ personal data
- UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover
- EU GDPR, which continues to apply to the processing of EU residents’ personal data
- EU GDPR sets a maximum fine of €20 million (about £18 million) or 4% of annual global turnover
Supervisory authorities such as the UK’s ICO (Information Commissioner’s Office) can take a range of alternative actions for GDPR infringements other than fines, including:
- Issuing warnings and reprimands
- Imposing a temporary or permanent ban on data processing
- Ordering the rectification, restriction or erasure of data
- Suspending data transfers to third countries.
- £1,000 penalty on the first day after the deadline
- £60 applies for each further day that the notice is not complied with (up to 29 days)
- On day 30 after the original deadline, a further £1,000 penalty applies
The difference
The manual method requires your assigned Records Manager (whether for the organisation or department) to:
- Maintain a catalogue (spreadsheet) of key documents and locations
- Set aside time (perhaps monthly) to review the spreadsheet
- Set calendar reminders for important data milestones
- Take action on any highlighted document(s) - Search (locate) / Assess (review) / Action (retain or delete)
The managed, automated method requires your records manager to:
- Review a system generated audit report once a month to ensure the system is handling fully automated remediation (deletion) actions
- Respond to any generated process requests to proceed (approve) with remediation on key document types (potentially a one-click action)
Whilst the automated process is not quite ‘hands off’, there is a significant difference in the time required to manage each document over its lifecycle. By automating the catalogue, tracking, reminder and decision process, it also significantly reduces the risk of non-compliance and errors through relying on a manual schedule.
Gartner once quoted an average of 18 minutes to locate a document (without management through a DMS) therefore simply handling 3 documents could take nearly an hour. With a DMS, the Records Manager could be finished with tasks in less than 3 minutes. An oversimplification perhaps but certainly not an exaggeration. Add the spreadsheet maintenance, tracking, reminder management on top and the time ‘wasted’ becomes very apparent.
PacSol can partner with your business to identify, review and recommend an appropriate DMS for your business (that fits your requirements) or help review you existing DMS configuration to optimise records management automation. Contact us today or book one of our free consultation appointments
Personnel related (recommended UK retention periods)
Financial related (recommended UK retention periods)
Toby Gilbertson, Director. July 2024
