Earlier on this year copies of one of Ireland’s daily papers kept dropping through a neighbour’s door in our Coventry street.
Increasingly frustrated he kept coming round with them. He couldn’t understand why we’d ordered a paper covering a country we don’t live in any more to be delivered to a house we don’t live in any more either.
The trouble was we had neither ordered the copies or paid for them. It was a situation where applying the principles of the GDPR would have saved everybody time and the newspaper’s management quite a bit of money.
Storage limitation, in other words not keeping data any longer than it’s needed, is one of the principles of the GDPR. It seems sensible enough but the legislation isn’t all that specific. It’s worded so that organisations can decide how long they need data for their specific circumstances. The catch is business owners and managers are expected to be able to justify it.
Most organisations pick a way through it by having a written data retention policy and adhering to it. The new year is a good time to get started, especially if it’s a quiet period for your organisation.
The Irish daily newspaper that dropped through the neighbour’s door came unstuck for two reasons. First of all it was more than 13 years since a relative had bought a subscription as a present. It seems unlikely they needed to keep the data for that long. So they hadn’t complied with a reasonable data retention policy. There comes a point where it would have been fair enough to treat any repeat business from us as that of a new customer. They just had to decide when and do it. And because of a hitch in subscription services some customers whose subscriptions had long expired were being treated as current customers.
The new year is a great time for organisations to check they’re not holding on to any data that isn’t needed any more. If any of it is waste paper that needs to be confidentially destroyed in Coventry or Warwickshire ring Crow Recycling on 02476552444.