Let’s think about data management and retention. We all keep lots of information on our computers and it’s easy to lose track of exactly what is stored on our various devices. Sometimes, we may use some data and then save it on our hard drive, or server, thinking the information may come in useful at some point. But all too often, we forget what we’ve got stored on our computers or even if we want to revisit old information, we may have forgotten exactly where it was saved. Whether it’s client’s records or other business information, it’s important to have some discipline and rigour around data management and retention. Keeping hold of unnecessary data can have an impact on business efficiency. Over-loaded drives and file servers can slow down performance and searching for misplaced files can be time-consuming and frustrating, as well as inefficient. So it’s important to implement guidelines for data management and retention within your organisation. This will also help your business to keep in line with legal obligations.
Avoid keeping unnecessary data while retaining the essential
If you provide business advisory services and retain client’s data, there’s a balance that needs to be established between legal requirements for record retention and the privacy regulations imposed by GDPR. While we may err on the side of caution for keeping hold of client data in case we might need it again, GDPR imposes a legal obligation to maintain data privacy. And if you lose client data, the ICO could impose a hefty fine. So what is best practice to keep in line with the different legal requirements?
According to the GDPR, records should not be retained longer than necessary for its lawful purpose. But at the same time, financial records need to be maintained in accordance with accounting and financial regulations. It’s probably best to demonstrate that you’ve abided by the financial requirements, while at the same time only keeping what is absolutely necessary to enable you to comply with GDPR. And you should document how you use and store data so that it’s clear to see your policy in case of any issues in the future.
You will maintain tighter control of sensitive client data if you actually know what data you hold and where it’s stored. So make sure that you keep records of the data retained and that storage of client data is centralised. Avoid duplication, so the potential for data going astray is minimised and don’t allow your staff to retain copies on their individual PCs.
Security in the cloud
Maintaining your data in the cloud can provide an effective and secure way to centralise and store your businesses data – so adopt Office 365 or a hosted desktop platform to ensure that records are maintained in a single place. A cloud strategy will also help to ensure that the data is properly backed up and stored offsite so that if data is lost by a breach or system malfunction, then it can be restored quickly and efficiently.
Introducing a well-organised structure for managing and storing your clients’ data will help you to use this data more efficiently, and enable you to adhere to legal obligations. Efficient data management will also help in case of disasters, minimising risk. And limiting the amount of data stored to the essentials will also be more cost-efficient, as it will reduce excess storage costs.
For advice and guidance on best practice in data management, contact us.