Categories: September

GDPR: Records Management Checklist

GDPR has an impact across many areas within an organisation. To ensure you are operating within the guidelines, Restore have drawn up a checklist using ICO guidance to assist anyone involved with records management:
  • Records management organisation: Your organisation needs to define and allocate records management responsibilities.
  • Records management policy: Your business has approved and published an appropriate records management policy and this is subject to a regular review process.
  • Records management risk: Your business has identified records management risks as part of a wider information risk management process.
  • Records management training: Your business incorporates records management within a formal training programme. This comprises mandatory induction training with regular refresher material, and specialist training for those with specific records management functions.
  • Monitoring and reporting: Your business carries out periodic checks on records security and there is monitoring of compliance with records management procedures.
  • Record creation: Your business has set minimum standards for the creation of paper or electronic records.
  • Information you hold: Your business has identified where you use manual and electronic record-keeping systems and actively maintains a centralised record of those systems.
  • Information standards: Your business has processes in place to ensure that the personal data you collect is accurate, adequate, relevant and not excessive. You carry out regular reviews to remove any personal data records that are out of date or no longer relevant.
  • Tracking and offsite storage of paper records: Your business has tracking mechanisms to record the movement of manual records and ensure their security between office and storage areas and also in instances where records are taken offsite.
  • Offsite transfer of electronic records: Your business has appropriate measures in place to transfer electronic records off-site and protect personal data from loss or theft.
  • Secure storage of records: Your business stores paper and electronic records securely with appropriate environmental controls and higher-level security around special categories of personal data.
  • Access to records: Your business restricts access to records storage areas in order to prevent unauthorised access, damage, theft or loss. You should implement role-based access and check it regularly.
  • Access to records: Your business has a process to assign and manage user accounts to authorise individuals and to remove them when no longer appropriate.
  • Business continuity: Your business has business continuity plans in place in the event of a disaster. This includes identifying records that are critical to the continual functioning or reconstruction of your business. You also routinely back up data that is stored electronically to help restore information needed.
  • Disposal of data: Your business has a retention and disposal schedule which details how long you will keep manual and electronic records.
  • Disposal of data: Your business has confidential waste disposal processes to ensure that records are destroyed to an appropriate standard.

If you would like a more in-depth discussion regarding your organisation's records management processes and procedures, please contact us at: gdpr@restoredigital.co.uk
