Data retention policy: Properly secure your data

With Iron Mountain’s Policy Centre Solution Suite, managing retention and compliance can be so much easier.


Policy center banner - two business people talking

Data retention policy: Properly secure your data

With Iron Mountain’s Policy Centre Solution Suite, managing retention and compliance can be so much easier.


  1. Data retention policy

The importance of proper data retention and privacy policies

Proper data retention and privacy policies are key to keeping your business’ and your customers’ information safe.

From the creation of important documents to their eventual destruction, organisations have a legal obligation to protect their data to prevent information leaks. An organisation has the responsibility of understanding the type of information they hold and ensuring that it is effectively managed. Maintaining a proper data retention and privacy policy can help ensure that vital information is correctly stored and disposed of when it is no longer needed.

Not having a data retention policy could lead to compromised information security, a cluttered workspace, loss of time and even further legal ramifications. In the absence of privacy policies, your company could be deemed as untrustworthy for consumers and might even be in violation of compliance requirements.

Iron Mountain’s Policy Centre Solution Suite is a cloud-based retention and privacy policy management platform that provides a user-friendly way for you to know your data security obligations and show compliance. Combined with Iron Mountain’s advisory services, your company will never be in the dark regarding data regulations again.

How does a retention policy work?

A retention policy sets forth how your company stores its data. When information is entered into a company database or created physically, that data is either stored temporarily or long term, depending on legislative requirements.

Everything from customer data, job applications, training records and other personal files all need to be deleted after a certain amount of time under data retention policies. Depending on where your business is located, the storage of this data is governed by local regulations.

Why is data archiving and data deletion important?

Archiving and deleting data is vital since information can pile up quickly and can consume a large amount of resources. In their physical form, documents can clutter up a workplace and overwhelm the office. In the digital realm, unnecessary files can take up space in your computer’s storage memory. A proper retention policy categorises which files can immediately be disposed of and which files can be moved to a different location like physical storage or an external hard-drive for further storage.

Creating a retention schedule that lines up with your retention policy can help your business organise the way your information flows within your organisation. These schedules allow you to automatically delete outdated and unnecessary information in regular intervals, which can free up space for other uses.

Putting a retention policy into place can save a company on costs and organise the flow of information.

How does a privacy policy work?

A privacy policy is a legal requirement that discloses how a company gathers, uses and stores the information it receives from customers. Privacy policies are legally required in many countries around the world, and not having a secure one can quickly lead to hefty fines for the company due to their risk of leaking confidential personal data.

In certain parts of the world, strict privacy policies also mean that your customer data can be deleted upon request, which may change the way in which you store your data. Be sure that you’re following these guidelines in order to continue operating your organisation in different countries.

In addition, a well managed information policy ensures that your data is properly being disposed of through correct, safe means.

Retention Policy Management Banner - Folks meeting over documents

RETENTION POLICY MANAGEMENT

Policy Centre Solution Suite

Iron Mountain’s Policy Centre Solution Suite is a cloud-based retention and privacy policy management platform that provides a user-friendly way for you to know your data security obligations and show compliance. Combined with Iron Mountain’s advisory services, your company will never be in the dark regarding data regulations again. Choose the subscription tier — Standard, Professional or Enterprise — that best aligns with your company’s goals.

How it works

On the Policy Centre Solution Suite interface, you can read about retention and privacy laws that fall under your business’ jurisdiction and industry.

The Policy Centre Solution Suite can be easily tailored to your organisation’s personal requirements, making it easy for you to understand the fine print of your country’s data regulations. Online alerts within the company portal can also warn you of any changes regarding a country’s data policy.

User portal

Our Policy Centre Solution Suite’s user portal is user-friendly, bringing everybody in your business up to speed on the latest data retention regulations.

For more information about parallel policies in other departments and other countries, simply switch over to those tabs to view their regulations. Iron Mountain makes it easy for you to understand data retention policies across all sectors around the world. You also have the option to connect policy to your content infrastructure through an open application programming interface (API).

Thanks to the Policy Centre Solution Suite, you can operate within these laws with ease and confidence. Let us handle the data retention policies for you.

Policy Centre Professional Edition

Similar to the Policy Centre Standard Edition, Iron Mountain’s Policy Centre Professional Edition manages your data policies for your organisation. However, the Policy Centre Professional Edition also provides a customisable retention schedule and continuously updated retention legal requirements.

The Policy Centre Professional Edition offers you deep information governance expertise and will guide you through the process of creating or revamping your information management policies as part of the IG Program Development services.

With continuously updated regulatory requirements within its interface, the Policy Centre Professional Edition is another great option for your data retention needs.

A blue icon of a building

Policy Centre Enterprise Edition

The Policy Centre Enterprise Edition includes the retention and privacy legal requirements, data flow mapping tool to record processing activities and coverage of other countries and industries. This version comes with the previously mentioned features as well as:

Data flow mapping tool

To show compliance with data retention policies, you’ll have tools within the Policy Centre Solution Suite to create visual maps. These maps can help you visualise where personal data lives, who owns it, what process it's a part of and what your retention rules and privacy obligations are. Maps can also come in handy when auditing your company’s data collection policies, making it easy to point out where data is stored throughout its life cycle.


Complimentary services

If you choose to subscribe to either the Policy Centre Solution Suite or the Policy Centre Professional Edition, Iron Mountain offers additional complimentary services to help your organisation achieve its goals.

Advisory services

To help assess your information management policies, procedures and platforms and readiness to comply with the regulations that govern you, our Advisory Services team can provide you an in-depth assessment and roadmap to help you achieve your goals through the IG Assessment service.

Content Classification service

With up-to-date and connected retention and privacy policies, you’re in a good position to clean up your legacy content through our Content Classification service, leveraging our proprietary classification rules database that systematically calculates destruction eligibility according to your data retention schedule.

Secure Shredding service and e-Waste service

When your information has met your organisation’s requirements of retention, our Secure Shredding service and Secure e-Waste and IT Asset Disposition service will enable you to destroy it, confident that you are complying with regulations governing information destruction. For information you’ll be retaining, you can use our Secure Storage Services to secure and protect your valuable information. Combine Document Scanning of physical documents and digital storage in a secure cloud repository with Iron Mountain InSight® Essential Edition.

Compliance with data retention requirements

With Iron Mountain’s Policy Centre Solution Suite, your organisation will always be in compliance with data regulations. Unsure whether your data retention system abides by the rules? Our advisory services can assist you in managing your record retention correctly.

For instance, if you are conducting business with any country in the UK or EU, your company will have to abide by the General Data Protection Regulation (GDPR). The UK-GDPR follows seven key principles, and can vary depending on which specific country or region you are dealing with.

  • Lawfulness, fairness and transparency.
  • Purpose limitation.
  • Data minimisation.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality (security).
  • Accountability.

This is just one example of a region’s data policy. Every country abides by a different regulation for their data, which can be difficult to keep track of if you are constantly interacting with organisations based in various countries.

Don’t take the risk of having a faulty data policy. According to the Ponemon Institute, the global average cost of a data break is $3.92 million, while the average size of a data breach is 25,575 records. In the worst cases, failure to comply with GDPR means fees up to 20 million euros, or even 4% of global annual turnover — whichever is higher.

Proper data deletion

Deleting an electronic document isn’t as simple as dragging a file to your recycle bin.

According to data retention law, proper data regulation demands that data is properly disposed of at the end of its information life cycle.

With Iron Mountain, know that your customers’ data will all follow proper destruction protocols.

Our E-waste disposal services can help you destroy digital information or even physical devices that hold digital information. If you’re getting rid of old office equipment, for instance, Iron Mountain offers services to wipe these devices and then recycle them all according to data deletion standards. Know that your company won’t experience any data leaks with Iron Mountain’s data deletion processes, which come as a complementary add-on service when you subscribe to either Policy Centre editions.

Iron Mountain’s secure IT asset disposition programme (ITAD) can help you destroy:

  • Company laptops.
  • PCs and computers.
  • Desktops and tablets.
  • All commercial IT hardware.
  • Business printers, scanners and copiers.
  • AV production and display equipment.
  • Any extra commercial IT assets you need disposed of.

SEE HOW YOU CAN MANAGE RETENTION AND PRIVACY TOGETHER


LEARN HOW POLICY CENTRE CAN HELP ACHIEVE YOUR ORGANISATIONAL NEEDS.
TALK TO OUR INFORMATION GOVERNANCE EXPERTS TODAY!
Contact Us

Contact Iron Mountain

Learn more about web-based, technology-driven retention and privacy policy management.

contact us Business women | Iron Mountain

Contact Iron Mountain

Learn more about web-based, technology-driven retention and privacy policy management.