Are you a data hoarder?

I like clear and empty spaces.

I like everything to be in its home.

Clutter and mess makes it difficult for me to focus. That’s why when I work from home, I try to stay in my office as much as possible, so that way I’m not distracted by other things that need doing. My husband on the other hand has tunnel vision and can ignore ‘all the things’ when he works from home!

Clutter is something I struggle with for clients too. The first thing I want to do is set everything straight! The last couple of months, we’ve been helping some clients prepare for the GDPR (European General Data Protection Regulation that comes into effect on the 25th May 2018) and data clutter is something that I’ve encountered everywhere!

I need to make sure that my clients have the data they need to make sound decisions about their clients and staff but also staff within the stipulations of the law!

Now the first thing that you need to do as a business, is:

  • Detail the data that you store, either digitally or on paper. This is data you keep on your clients, staff and any associates that you work with.
     
  • Then you need to look at why you keep that data and is it necessary (you need to be able to explain why you asked for the data, and why you still need it!)

This is often the place where I find the most business owners get stuck, there is that’s hoarders mentality. The desire to keep hold of everything ‘JUST IN CASE’!

So here are a few reminders:

Job Applicants – You need permission to keep their details, if they were unsuccessful in getting the job they applied for. Once you have closed the roles, you should securely dispose of all personal details after 3 months (just in case an Employment Tribunal claim is received)

Staff files – Remove any spent disciplinary or grievance notes. Remove any sickness.

For leavers, you only need the information required to give a reference.

Newsletter Subscribers – Ensure that subscribers know how to unsubscribe easily and get permission before you add contacts to your subscriber list.

Client / Service User Details – Ensure that you only request the information that you need and once you no longer need it, you secure dispose of the information.

Special information Notes – If you keep sensitive information regarding your clients/service users (Racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation), there are additional Stipulations around how you process that data – so you need to be extra cautious.

You need to know what personal data you have and what personal data you really need.

Next week, we will look at how you process the data that you do need