If 2015 was the year of high profile data breaches then 2016 may well be the year when records management finally makes its voice heard in the boardroom.
Looking back on the last year it’s clear that many businesses still aren’t listening, and when they do it is only because a catastrophic incident forces them into action.
As a result, their responses and quick fixes often look like knee-jerk reactions rather than changes made as a result of a solid records management policy being put in place.
So why will 2016 be different and how can businesses in the UK prepare?
The answer to the first part of that question lies in necessity. Public awareness of data protection issues is higher than ever, not least because data breaches make front page headlines. Remember Carphone Warehouse? Remember the Ashley Madison infidelity dating website? These were huge stories in 2015 and dominated the news agenda.
Not surprisingly, businesses are beginning to realise they can lose customers and market share as well as reputation when things go wrong. The customer of the future will only choose to give their personal data to businesses they can truly trust.
The ‘right to erasure’ also became a hot news topic last year after Google was required by a European court to delete outdated search results; another indication that European citizens are demanding more control over their personal data.
Everything indicates the agenda is changing and now is the right time to think about records management and data protection in a more positive and proactive way.
At the moment there is a Catch 22 situation. Businesses know they need to have good records management policies in place to attract customers in future. But they also fear that by standing up and saying ‘Look at us, we’re great, we’re robust, we are compliant’ they present themselves as a challenge for hackers, too.
Nevertheless, there is only one direction of travel – the value of an effective, robust and compliant records management policy is growing by the day.
There are also imminent changes in legislation to consider – such as the EU General Data Protection Regulation – which are going to bring data protection and data breaches into even sharper focus. So the ‘head in the sand’ approach adopted by many businesses, who simply pray ‘it won’t be us next’, will soon make even less sense.
A more positive attitude is to think about the value of a compliant and forward-looking records management policy, not only in terms of protecting information but also in terms of protecting reputation and boosting customer confidence.
Here are five actions businesses can take in 2016 to be ahead of the game:
1. Introduce inductions for all new staff
It’s time for good records management to be installed in the DNA of businesses – starting with new-hire inductions.
2. Plan and budget for continuous training
It’s not good enough to give staff a briefing on avoiding data breaches, introduce a tick-list and then sit back and think the job is done. Records management is an industry which moves quickly: changes in legislation and technology, as well as trends in criminality and public behaviour, have a huge influence. Continuous training is required for staff to stay up to date.
3. Install clear disciplinary procedures
Most data breaches – up to 80 per cent – are the result of human error. Having clear disciplinary processes in place for staff who ignore agreed procedures underlines how important data protection is to a business. Most businesses, however, still don’t take this on board. When did you last hear of someone being sacked because of a data breach?
4. Prepare for the EU General Data Protection Regulation (EGDPR)
This regulation is likely to be ratified in 2016 and it will soon dawn on businesses just how much they have to do – and how much it is going to cost them. Preparing and planning early is absolutely crucial. Have clear policies on how data breaches are reported, who will report them and how quickly. Very soon data subjects will have the right to ask for their personal information to be edited or deleted – these systems need to be in place as soon as possible.
5. Think about privacy by design for all new projects
The EGDPR will make privacy by design compulsory in future, which effectively means it is a requirement right now. Businesses need to think about privacy and data protection compliance at the beginning of projects rather than bolting them on at a later date.
Mike Dunleavy, Head of Customer Development & Experience, Crown Records Management