Facebook image

Data storage – not only concerning primary sources!

Companies often underestimate the quantity of data they accumulated about their buyers, customers. This also means that they underestimate the significance and potential consequences of the introduction of the new General Data Protection Regulation (GDPR).

As long as companies are not aware of the type of data they store and where they store these, they are constantly exposed to the risk of penalty as GDRP set to be introduced in May 2018 (link to previous article) includes several tightening changes as to correct data controlling. 

Hidden data

It is very important that companies not only examine the areas that are primary sources of customer data such as CRM or marketing systems. Without due care or the development and following of proper data controlling procedures, data and duplicates may be generated and stored in the following places: 

  • IT systems, 
  • portable media instruments, 
  • mobile phones, 
  • mobile data storage facilities such as pen drives or external hard disks, 
  • network files, 
  • data charts and other documents, 
  • e-mails and archived inboxes, 
  • community posts, 
  • microfilms, 
  • audio tapes, 
  • cloud-based storage places, 
  • websites, 
  • uninstalled or out-of-use IT systems and instruments, 
  • printed documents and archives. 

The above list contains only a few of the assets to the management of which special attention should be paid from a data protection perspective. The area to be reviewed can be stunningly large taking into account that a very large number of companies may be present on individual markets, which control and store a huge amount of data on an overall basis. 

Penalties can be avoided

We cannot emphasize enough that preparation for the new regulation to be introduced next spring should be started as soon as possible. In addition to a due diligence of the company from a data protection perspective and the development of a data management policy, it is also of key importance that employees are properly informed and prepared for the integration of the new processes. Compliance with data protection criteria is no longer the isolated responsibility of the IT unit but concerns all employees of the company who manage, use or have access to customer data. 

Related posts