With the increasing regulatory and operational requirements to manage and maintain data, it is important to ask yourself where you stand in your records management journey.
The following questions (not an exhaustive list) will help you to find out your current status:
- What personal data do we process, and in which applications and systems?
- Do we know where data are stored within the organisation?
- Do we know what data we archive? Do we ensure that archived data are no longer stored in applications?
- Do we have automated deletion capabilities for adhering to retention periods? Have we considered legal hold?
- Do we have a deletion capability for applications, archives and storage units, for adhering to data subject rights and data protection officer requests?
Records and data management has always been an important topic for companies, i.e. ensuring adherence to legal hold when management of data has been a key element of the operational day-to-day business.
Today, with the expected revision of the Swiss Federal Act on Data Protection (FADP) and EU ePrivacy and EU GDPR, there are more requirements regarding the management of data. Following implementation of the EU-GDPR legislation, deletion and data identification have become central issues. Understanding what data a company processes and how data are maintained, and being able to identify and delete data, are key for efficiency as well as for compliance going forward.
Post GDPR, it is important not to limit records and data management to personal data only. It is a journey for structured and unstructured data.
Legal hold, efficient data identification/data retrieval capabilities and automated deletion mechanisms are new and existing requirements that set a new standard of records management for today and the future… are you equipped to manage?
For more information on records and data management and to see how PwC can support you.
We thank Ilir Rexhepi for his contribution to this report.