By Legal Futures’ Associates Exterro
Establishing an effective data retention policy is a key step in managing and protecting one of your organisation’s most valuable assets: its data.
But it’s very complex and poses many challenges to organisations – challenges that must be overcome now that recent data protection regulations like the GDPR require organisations to address their data retention practices, or risk facing severe consequences.
It’s estimated that up to 70% of an organisation’s unstructured data is ROT – information which is redundant, obsolete and/or trivial – which not only creates a huge amount of risk from potential cyber threats, but also exposes organisations to privacy compliance risk under these recent regulations and the other 700+ privacy laws around the world.
Below are 6 practical tips on how to operationalise data retention in your organisation and establish a defensible deletion process.
- Develop and maintain a comprehensive data inventory
Identify what personal data exists, media types used, processing activities, data subjects, storage locations, and retention obligations
- Tie your data inventory to other data / compliance activities
Work in concert with wider Legal GRC (Governance, Risk & Compliance) objectives – DSRs, Legal Hold etc.
- Leverage proven retention and disposal standards
Adopt retention standards that are industry-specific and processes that are effective and defensible
- Demonstrate Return on Investment (ROI)
Retention mitigates risk of litigation and cyber breach, reduces digital and paper storage costs etc.
- Communicate program expectations
Ensure all stakeholders buy in to a defensible approach, culture change, business transformation, training, awareness of personal responsibilities
- Establish ongoing processes
Leverage proven experience, standards and technology to streamline your data minimisation and retention efforts to ensure defensibility
Exterro teamed up with Data Protection World Forum to discuss implementing these practical tips and leveraging new technologies to fulfil privacy compliance while mitigating risk.
Follow the link below to watch the webinar replay, where leading industry experts Andreas Klug (Chief Privacy & Data Protection Officer at GVC Ladbrokes), Odia Kagan (Partner and Chair of GDPR Compliance and International Privacy at Fox Rothschild LLP) and Debbie Evans (Group Data Protection Officer at Rentokil Initial) shared their knowledge and insight on data retention.