The records management voice is still not being heard loudly enough in the boardroom but in 2016 things are about to change, and there has never been a better time for UK businesses to act. Looking back on recent history, not least on high profile data breaches in 2015, it seems many businesses only truly listen when there is a catastrophic incident.
As a result, their responses and quick fixes often look like knee-jerk reactions rather than changes made as a result of a solid records management policy being put in place.
But the agenda is changing and now is the right time to think about records management and data protection in a more positive and proactive way.
Moving into 2016, public awareness of data protection issues is higher than ever. Data breaches make front page headlines while ‘right to erasure’ became a hot news topic last year when Google was required by a European court to delete outdate search results.
As a result it’s not difficult to see a time when customers only choose businesses which have a reputation for carefully looking after their data.
At the moment there is a Catch 22 situation. Businesses know they need to have good records management policies in place to attract customers in future. But they also fear that by standing up and saying ‘Look at us, we’re great, we’re robust, we are compliant’ they present themselves as a challenge for hackers, too.
Nevertheless, there are changes in legislation ahead – such as the EU General Data Protection Regulation – which are going to bring data protection and data breaches into even sharper focus. So the ‘head in the sand’ approach adopted by many businesses which simply pray it won’t be us next, will soon make even less sense.
A more positive attitude is to think about the value of a compliant and forward-looking records management policy, not only in terms of protecting information but also in terms of protecting reputation and boosting customer confidence.
Here are five actions businesses can take in 2016 to be ahead of the game:
- Introduce inductions for all new staff: It’s time for good records management to be installed in the DNA of businesses – starting with new-hire inductions.
- Plan and budget for continuous training: It’s not good enough to give staff a briefing on avoiding data breaches, introduce a tick-list and then sit back and think the job is done. Records management is an industry which moves quickly – changes in legislation and technology – as well as trends in criminality and public behaviour have a huge influence. Continuous training is required for staff to stay up to date.
- Install clear disciplinary procedures: Most data breaches – up to 80 per cent – are the result of human error. Having clear disciplinary processes in place for staff who ignore agreed procedures underlines how important data protection is to a business. Most businesses, however, still don’t take this on board. When did you last hear of someone being sacked because of a data breach?
- Prepare for the EU General Data Protection Regulation (EGDPR): This regulation is likely to be ratified in 2016 and it will soon dawn on businesses just how much they have to do – and how much it is going to cost them. Preparing and planning early is absolutely crucial. Have clear policies on how data breaches are reported, who will report them and how quickly. Very soon data subjects will have the right to ask for their personal information to be edited or deleted – these systems need to be in place as soon as possible.
- Think about privacy by design for all new projects: The EGDPR will make privacy by design compulsory in future, which effectively means it is a requirement right now. Businesses need to think about privacy and data protection compliance at the beginning of projects rather than bolting them on at a later date.
By Mike Dunleavy, Head of Customer Development & Experience, Crown Records Management