Estimated reading time: 3 minutes, 12 seconds

Data Retention Policies Must Fit Your Big Data Strategies Featured

Data Retention Policies Must Fit Your Big Data Strategies Mathew Schwartz

Data retention policy (DRP) is an important component in an organization's enterprise data management strategy. As simple as it can be, an enterprise data management strategy cannot be complete without it. Basically, DRP is a set of rules that guides the processes of holding, storing and deleting information that an organization generates or handles. Despite appearing simple, building a comprehensive data retention policy manageable and compatible with the legal, government, and industry demands is complicated.

Despite the problems that can be encountered while developing the DRP policies, they not only minimize the organization’s risk of difficulty of mandated requirements but also adds enormous value. With the right data governance frameworks in place, the costs associated with compliance and investigation and the potential lawsuits that can lead to serious repercussions on businesses are minimized. Furthermore, it minimizes internal costs linked to the hardware needed to store unnecessary data on servers and staff that manage data and servers.

A DRP is crucial for the development of knowledge. A proper DRP will store all data gathered in ways that can be reusable in the future. In case of legal, regulatory or security issues, it can be too late to think about getting data within an organization in order. For organizations to operate in an orderly and efficient manner, they need to learn how to create, use, and dispose of obsolete records efficiently. DRP and retention schedule are two critical tools that help achieve this.

DRP Policy planning

The first step in developing a comprehensive DRP strategy is identifying the needs of a specific business that the policy needs to address. This is followed by reviewing the compliance regulations that apply to that case. It is achieved by designating a team of individuals across different business practices to start data inventorying and develop a plan to implement a data retention policy that meets the requirements of your business while meeting the regulations. While the chief data officer (CDO) should lead the processes of DRP’s design and implementation, everyone who deals with data must equally be aware of the implementation mechanisms to facilitate it. DRP implementation is often a top-down decision, although it requires buy-ins from every level of an organization. Therefore, stakeholders from different departments within the organization such as the IT, legal, privacy, security and records personnel need to be given a chance to weigh in on the enterprise data retention policy. Doing so leads to the development of a proper, all-inclusive DRP policy. You can also get input from external legal counsel to review the recommendations and suggest possible amendments.

When updating or developing a DRP, always note that the regulatory requirements keep changing over the years, and changes will continue coming. With technological advances, changes are sometimes too fast, meaning new systems emerge and others are decommissioned. As such, the data landscape changes dramatically. Therefore, policies and procedures must change or update with time to include the new updates to remain relevant. The data that needs to be included in the policy depends on the given areas that a company intends to comply with. For instance, GDPR may need to be incorporated by a global company operating in Europe. Therefore, one of the factors that might affect the development of a data retention policy is the geographical dimension of the company. Another critical factor is the type of industry. The biggest mistake that is made by organizations when building their data retention policies is failing to comply with rules, laws and regulations before they embark on their projects.

In short, while there is no single method of building a data retention policy, an effective approach would be to try as much as possible to develop, implement and maintain a policy that has clear protocols and which is flexible enough to meet the requirements and strategies of business, while protecting data.

Read 655 times
Rate this item
(0 votes)
Scott Koegler

Scott Koegler is Executive Editor for Big Data & Analytics Tech Brief

Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.