There are zillions of column inches on GDPR. The stakes are rising as we near the May 2018 deadline and organisations realise that it really is an important regulation - for all of us. Yes, as an organisation it will create short-term issues as we organise ourselves, but the truth is we really should have sorted ourselves out some time ago.
The need for GDPR is reinforced in real life. My family home was sold recently as my surviving siblings emigrated to Spain to retire. We were summonsed to remove our ‘belongings’ from the family attic. Attic? Well, really it was a boneyard for tech down the years as well as nearly 40 years of paper files. Boxes neatly archived (yes, I am that nerdy) containing client data from my days as a lawyer, right the way up to a couple of years ago. I had not forgotten them but truthfully, it was a case of "out of sight..." In GDPR terms this would be described as unstructured, highly sensitive data. I am certain that every business has an archive facility or, ahem... filing glory hole!
We cannot just ignore the fact that the firm keeps paper records, case management files and personnel data on paper simply because paper is impossible to hack. Nor can we settle on assuming that no one can ask about what is not electronically recorded. "It was in our paper record... who knew?" When the law says the individual is entitled to see what you have on them – the law means all of it. There are some things that we would advise organisations to look to do now:
- Agree your file/data retention policies now;
- Socialise those policies across the business;
- Destroy (yes destroy) paper files that do not meet your retention strategy. Do not keep files because you always held them;
- Run a secure document management programme to manage your paper legacy compliantly, and digitise records to bring them into your ‘structured data’ regime.
The main message is don’t forget your paper records within your GDPR programme. ST2 is offering its ACT Service Product to organisations looking to assess their readiness, implement a compliance programme, put in tools to maintain compliance and run initiatives to pay for the programme.
Our programmes include dealing with both unstructured and structured data. Contact us to find out what we can do for you. You will probably leave with an old piece of technology history looking for a home! Olivetti M24, anybody...?