Skip to main content
Facilitate Magazine: Informing Workplace and Facilities Management Professionals - return to the homepage Facilitate magazine logo
  • Search
  • Visit Facilitate Magazine on Facebook
  • Visit Facilitate Magazine on LinkedIn
  • Visit @Facilitate_Mag on Twitter
Visit the website of the Institute of Workplace and Facilities Management Logo of the Institute of Workplace and Facilities Management

Main navigation

  • Home
  • News
    • Comment
    • People
    • Reports
    • Research
  • Features
    • Analysis
    • Features
    • Round Tables
    • Webinars
  • Outsourcing
    • Contracts
    • FM Business Models
    • Interviews
    • Mergers & Acquisitions
    • Opinion
    • Procurement
    • Trends
  • Know-How
    • Explainers
    • Legal Updates
    • White Papers
  • Jobs
  • Topics
    • Workplace Services
      • Hospitality
      • Catering
      • Cleaning
      • Front of House
      • Grounds Maintenance
      • Helpdesk
      • Mailroom
      • Manned Guarding / Security
      • Pest Control
      • Washroom Services
      • Disaster Recovery
      • Specialist Services
    • Professional Performance
      • Behavioural Change
      • Continual Professional Development
      • Education
      • Management
      • Recruitment
      • Training
    • Workplace Performance
      • Benchmarking
      • Health & Wellbeing
      • Operational Readiness
      • Procurement
      • Security
      • Workplace User Experience
      • Workplace Culture
    • Compliance
      • Health & Safety
      • Risk & Business Continuity
      • Standards
      • Statutory Compliance
    • Building Services
      • Architecture & Construction
      • Asset Management
      • Building Controls
      • Building Fabric
      • Drinking Water
      • Fire Protection
      • HVAC
      • Landscaping
      • Mechanical & Electrical
      • Building Security
      • Water, Drainage & Plumbing
    • Technology
      • Building Information Modelling
      • CAFM
      • Data & Networks
      • Document Management
      • Information Management
      • Internet of Things (IoT)
      • Software & Systems
    • Energy management
      • Energy Management Systems
      • Electricity
      • Gas
      • Solar
      • Wind
    • Sustainability
      • Environmental Quality
      • Social Value
      • Waste Management
      • Recycling
    • Workspace Design
      • Agile Working
      • Fit-Out & Refurbishment
      • Inclusive Access
      • Lighting
      • Office Interiors
      • Signage
      • Space Planning
      • Storage
      • Vehicle Management / Parking
      • Washroom
    • Sectors
      • Corporate Office
      • Education
      • Healthcare
      • Manufacturing
      • International
      • Retail
      • Sports & Leisure
      • Regions
  • Buyers' Guide
Quick links:
  • Home
  • Topics
Know How
Content
Explainers
Topics
Know How
Content
Explainers

Dangerous data

Open-access content 28th June 2018
p44_storage_iStock-144721281

Storing boxes of data at a third-party location never used to be a problem, until GDPR came into force earlier this year, says David Fathers.

02 July 2018 | David Fathers


Releasing valuable office space by sending boxes of physical records for storage at third-party warehouses has been a useful solution for FMs for decades. And in the past, businesses were happy the boxes were safe and they were meeting regulatory obligations. Digital records and GDPR are changing that.


EU citizens have the right to ask for their personal data to be edited or deleted, and businesses are required to facilitate those requests within a strict time frame.


How can that be possible when FMs have no idea what data is stored in off-site boxes or how to find what they are looking for?


Many boxes have to be kept for legal reasons, but we estimate that up to 15 per cent of boxes stored with records management companies are past their 'destroy date' and being kept unnecessarily.


It's a bigger problem than people realise because GDPR doesn't only apply to digital data - it also applies to physical data on paper.


Keeping boxes of records when you don't need to - and when you have no idea what they contain - is a ticking data time bomb that could lead to data breaches and fines.


A lot of people are keeping these boxes just in case they don't know what's in them or they're worried about throwing something away that will become useful in future.


But that is a false economy. Under GDPR companies really need to know what data they are storing and where it is - paying to store mystery boxes really is bad news. 


The general public is more aware of their rights relating to how companies manage and use information about them. The companies that act now will secure greater public confidence and thrive in the post-GDPR world. 


Here is a five-point plan to reduce risk.


1 Determine which documents need to be kept

All boxes stored offsite should have a 'destroy date' determined by their contents. Regulations dictate that differing documents need to be retained for varying periods so it is not possible to have a 'destroy everything' policy. 

For example, building regulations require data in the construction sector to be kept for 30 or 40 years. In the legal profession, patent and trademark data must be kept for 35 years from the point at which a patent is granted. In health, radiotherapy records must be kept for 75 years after the patient dies and many government or pharma records must be kept indefinitely. 

Choosing the right boxes to destroy at the right time is vital.


2 Prioritise which boxes to destroy

Destroy the oldest boxes first, particularly boxes that have never even been opened. Always ask for a certificate of secure destruction. There are potentially millions of boxes out there that have never been opened in 10 years.


3 Identify who bears responsibility for physical data in your business

GDPR has seen the emergence of the data protection officer and brought data protection to the boardroom. But not everyone has considered physical data in their data protection systems, as many seem to think it applies only to data stored digitally. 


Who is responsible for managing and retaining these documents in your business? Is it the data protection officer? Do you even have one and, if not, then who? 


4 Consider the options

Secure destruction is by far the most cost-effective solution for out-of-date boxes. But it is also worth considering that for some paper-based data, scanning a digital version could be a better long-term solution. 


This can be comparatively expensive and time-consuming, so it is important to understand the need for accessibility and the need to share any data across your company.


5 Take action

Not dealing with the issue is a big risk. We estimate that there could be up to 30 million cartons being kept unnecessarily in the UK, so you can see 

the size of the problem. If you don't know what data you are storing, how can you be certain of protecting it? Fines for data breaches under GDPR can be as high as €20 million or 4 per cent of global turnover. However, the risk to corporate reputation could be far greater. 


David Fathers is regional general manager at Crown Records Management

Share
  • Twitter
  • Facebook
  • Linked in
  • Mail
  • Print

Most-Popular

 

Latest Jobs

Head of Digital Transformation

London (Central)
£55,000 - £65,000 +Car & Package
Reference
54315

Head of Venue Operations

Tower Hamlets
£50,000 - £55,000 + Benefits
Reference
54314

Property Programme Manager - Fire Safety – Student Accommodation (MC)

London (Central)
£100k plus bonus + package
Reference
54310
See all jobs »

 

 

Sign up to our newsletter

News, jobs and updates

Sign up

Subscribe to print

Sign up to receive our bi-monthly magazine

Subscribe
Facilitate magazine cover, June 2020
​
FOLLOW US
@Facilitate_Mag
Facilitate Magazine
Facilitate Magazine
CONTACT US
Contact us
Tel: 020 7880 6200
​

IWFM

About IWFM
Become a member
Qualifications
Events

Information

Privacy Policy
Terms & Conditions
Cookie Policy
Think Green

Get in touch

Contact us
Advertise with us
Subscribe to Facilitate Magazine
Write for Facilitate Magazine

General

IWFM Jobs
Help

www.facilitatemagazine.com and Facilitate magazine are published by Redactive Media Group. All rights reserved. Reproduction of any part is not allowed without written permission.

Redactive, Level 5, 78 Chamber Street, London, E1 8BL