Forget COVID-19 and Brexit, a recent DPO Centre poll of data protection professionals has revealed that from a list of 11 issues, their key challenges for the next 12 months are accountability and data In data protection terms, a defined period of time for which information assets are to be kept.....
This insight was gained from over 500 responses provided by senior individuals across 5 key industry sectors during the DPO Centre’s “GDPR at 2 – Its Past, Present and (far from simple) future” webinar hosted by Data Protection World Forum and delivered in partnership with global top 30 law firm, Squire Patton Boggs.
Overall, the two key standout challenges identified were, as expected, demonstrating accountability, however more unexpectedly, data retention was identified as an equally concerning challenge.
Broken down by industry sector, financial services and education were the two sectors that considered these two issues of highest concern, however the same trend was seen across several sectors, indicating that it is a much wider issue and not one that is specific to a certain sector.
It’s also interesting that financial services and medical sector respondents did not rate breach management and reporting as a significant concern, when those are the sectors that are dealing with the higher volumes of sensitive and Personal data which requires more protection because it is sensitive in nature. GDPR defines special category data as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health, a person's sex life, or sexual orientation.....
The move to remote working
The ‘new normal’ has demonstrated that employees do not need to be chained to their office desk and working from home has in some cases seen increased productivity and wellbeing. Google, Mastercard and many others have indicated that they see their employees working from home for the foreseeable future, and Twitter indefinitely. Business leaders could be looking at downscaling from their large city centre offices and driving down costs by promoting ongoing remote or home working. One subsequent question arising from this is “what will happen with all those boxes stored in the basement?”. Archiving and digital transformation projects drive the importance of a sound data retention regime as the business look to incur only the costs of digitising, scanning or storing whatever data is absolutely necessary.
Savvier Data Subjects
Through increased awareness and public understanding of data protection, Data Controllers are receiving ever-increasing numbers of requests from data subjects seeking to enforce their rights under the law.
Poor data retention schemes mean that Data Controllers are further exposed and could result in unnecessary costs when complying with DSAR requests where data is retained for longer than is necessary, rather than managing data retention proactively in the first instance.
Whilst the webinar poll result does not provide specific reasons for the concerns it identifies, a number of differing factors will have contributed to this view being formed. The unique situation we are presently in has enabled DPOs to re-visit their action plans and objectives for the current year. Perhaps DPOs are feeling that now is the time to do the jobs, such as data deletion, cleansing and organising etc, they have previously been putting off and have therefore considered the current period we are in to be an opportunity to good to miss!
If you would like to watch the webinar recording, please click here.
If you would like to read more about data retention you can find our latest blog here