Skip to main content

Mid-sized EU companies holding data for too long

Once GDPR kicks in, a bunch of mid-market companies will have their heads in their hands in shock, Iron Mountain (opens in new tab) claims. That's because, many such companies (250 – 2,500 employees) are holding on to almost every record, even though they should not do so.

According to the company's latest report, 11 per cent of such companies are holding on to information without keeping in mind data protection requirements.

When asked why they have such practices, businesses mostly say it's to exploit possible future value (89 per cent), to provide a safety net in a complex regulatory landscape (87 per cent), and to comply with e-discovery requests (42 per cent).

“Knowing what information to hold on to and for how long is complicated for many European organisations, with different rules for different kinds of information in different countries. It is just as risky to hold on to something for too long, such as personal data or unsuccessful job applications, as it is to destroy something too soon, such as email correspondence or health and safety records that might be required for a lawsuit,” said Gavin Siggers, Director of Professional Services for Iron Mountain Europe.

“Unsurprisingly, many companies have responded by simply keeping everything. However, particularly in the case of personally identifiable information, this cannot continue. From 2018, businesses will need to prove that their information is created with a built-in end of life. Achieving this will require organisations large and small to know what they have, where it is, and how long they are entitled to hold on to it. We would advise businesses to seek expert guidance.”

Image credit: Jirsak / Shutterstock

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.