Research recently conducted by PwC on behalf of Iron Mountain suggests that more than a third (35%) of small European companies are risking prosecution by “hoarding” data beyond the scope and period required by data protection legislation. When these companies were asked why personal data was being retained, they replied “In case it is needed”.
Apparently, engineering and manufacturing companies are the worst culprits with 45% holding on to everything. In the financial services sector, 39% keep everything and 9% have no company-wide retention policy! Colin Rooney, from Technology and Life Sciences Group, Arthur Cox says “Today, each organisation is increasingly aware of the possibility of litigation and this creates a reluctance to destroy original documents. That in turn creates spiralling storage costs and a potential breach in data protection law, in retaining personal data for longer than necessary.” The poor record keeping practices are particularly acute regarding employee, customer and financial information.
Do you need to dust off your copy of the Data Protection Directive and assess your own retention policies against the requirement not to retain personal data for longer than is necessary? Don’t forget, we’re also here to help you ensure you develop and implement compliance policies and procedures.