Well hasn’t all this GDPR stuff been exciting! (Please note, I couldn’t find a font that conveyed quite the right level of sarcasm here.)
If you are just about ready to throw in the towel and go hide in a yurt in Outer Mongolia then fear not, mere human… you are not alone!
In big organisations they have people dedicated to data protection. It is their only job. It is the only thing they do when they come to work in the morning (poor souls!). For the rest of us mortals that have to juggle data protection with answering the phone, making the tea and cleaning the loo – things are not so simple. If you are anything like me then all the extra work that GDPR has generated has had a massive impact on your day-to-day stress levels.
I don’t expect GDPR inspectors to come breaking down doors on the 25th May demanding to see your policies and software audit. However, that doesn’t mean that you don’t need to be prepared. It’s more likely that a member of the public will report a concern to the ICO which will set the inspection ball rolling.
As we have progressed along our own journey to sainthood compliance we have picked up a few hiding places for data and things you may not have considered. Here we go, hold tight and keep calm!
- Spreadsheets, Documents, Filing Cabinets, Archive Boxes etc.
I thought I would start you off with an easy one here. If you don’t need the box of receipts from 1870 – then get rid of them! Make sure everyone knows where they should be saving their work.
- Your Accounting Data i.e. Sage Data you use every day
Okay, this is a bit more complicated. We all know that you have to keep accounts records for seven years, but have you checked your accounts customer list for people with no transactions or transactions that are more than 7 years old? We’ve been trading since 1991 and our customer list in Sage has never had a really good cleanout. As a result, we have customer records for people who bought a printer in 1997. I highly doubt their phone number is still valid and the printer is now well out of warranty so it’s time to say goodbye and remove these inactive/old records from your Sage.
- Your Sage Company Archives
We’re ramping up the pressure a bit now. Do you have archived companies that are handy to dip into now and again? We do! They’re usually created when you do your year-end routine, but can be created at any point, usually if you need to clear down the number of transactions stored in Sage. (Note: Clearing transactions DOES NOT remove the account so this is different to the point above.) You need to think about getting rid of those archived data sets as it’s another place you need to look if you get a Subject Access Request!
- Your Payroll – Delete Old Employees’ Records
You need to keep payroll records for 3 years from the end of the tax year they relate to. After that, you can delete the employee from payroll. Sage payroll is good at hiding your historical leavers so make sure you click on the criteria button and untick historical leavers!
- Your Payroll – Next of Kin Information
You may not have thought about this one! Do you hold next of kin information or emergency contact numbers for your employees? You need to seek consent from those people to hold their data in your systems.
As we all progress along this journey one thing is certain: you are not alone! If you need help – reach out and we will certainly do all we can to help you.