‘Magpie’ SMEs warned over GDPR risk of data hoarding

dirty data 2SMEs are being warned to overhaul their magpie-style data retention strategies in the wake of a new study which claims around 40% of mid-market companies keep hold of  every last scrap of information, regardless of whether they need it or not.
According to information management company Iron Mountain, companies retain this information because they want to exploit it for possible future value (89%) or to provide a safety net in what is becoming an increasingly complex regulatory landscape (87%). Many are doing so to ensure they can comply with e-discovery requests (42%).
However, with Article 23 of the new GDPR stating that retention periods for all kinds of information – from emails and instant messages to proposals and contracts – need to be factored in from the moment the information is created, the risks and potential penalties associated with an unstructured approach to retention could prove severe.
Iron Mountain Europe director of professional services Gavin Siggers said: “Knowing what information to hold on to and for how long is complicated for many European organisations, with different rules for different kinds of information in different countries…
“Unsurprisingly, many companies have responded by simply keeping everything. However, particularly in the case of personally identifiable information, this cannot continue. From 2018, businesses will need to prove that their information is created with a built-in end of life. Achieving this will require organisations large and small to know what they have, where it is, and how long they are entitled to hold on to it. We would advise businesses to seek expert guidance.”

Related stories
Third-party data crackdown will wreak havoc says DMA
Industry on alert over third-party data legal crackdown
Data consent ruling rocks industry
Ten crucial steps to tackle GDPR compliance anxiety
Final data countdown: 16 months to save your business
Read it and weep: ICO offers latest GDPR guidance
GDPR consent updates spark chilling warning to brands
GDPR compensation to dwarf £30bn bill for PPI claims

Print Friendly