Developing data and records management policies for GDPR Compliance

Information flows through organisations in the form of paper and electronic records, such as word processing documents, spreadsheets, e-mail, graphical images, and voice or data transmissions. Information can be stored on a variety of storage media, such as microfilm, microfiche, diskette, optical disk, CD-ROM, videotape, and paper.

Apogee can help to develop an RIM policy that not only works towards the strict GDPR requirements around data management and protection, but also:

1. Provides greater assurance of legal compliance to minimise liability and discovery impacts.

2. Improves customer service with higher quality of service and faster retrieval of documents.

3. Improves staff productivity with effective records management systems.

4. Reduces storage costs through elimination of unnecessary and duplicate documents.

5. Ensures safety of vital organisational records.

6. Establishes an efficient, cost-effective records retention and disposal system.

Organisations have many different ways in which data is stored and used, so this tactic will require careful consideration in each case to create a customised plan, but one that is based on simple, repeatable standard practice.

The components of an effective RIM program that may be activated by the records manager include:

1. Records retention program

2. Vital records program

3. Inactive records management program

4. Electronic records management program

5. Records management handbook/record liaisons training

6. Micrographics (microfilming) program

7. Forms management program (corporate communications)

8. Active records management program

9. Copy and reprography program (purchasing)

Organisations can work towards GDPR compliance by establishing practices that fulfil their data and RIM policies. By separating PPI from business data at source and capturing, storing, segmenting, using, destroying and auditing all data in a compliant manner, heavy financials penalties of up to 4% of annual global turnover, or €20 Million (whichever is greater) can be avoided.

To discover how Apogee can help your organisation develop a strategy for GDPR compliance before the 25^th May 2018 when the new regulation will come into force, contact us using the form below.