Information is a very basic but vital business asset. Even the smallest companies are required to keep records for accounts, audit, tax, pensions or health and safety reasons. Yet the type of information many small businesses hold and store often reaches far beyond this, either because they need it to run their day to day business or because they’re simply keeping it ‘just in case it comes in handy one day’.Whether that’s an old customer database or the CV details of a prospective employee the company once interviewed, one thing is certain; the way we tackle archiving and protecting this information should be top of the agenda for every business owner in 2014. As the speed at which we’re gathering information has increased rapidly in recent years, many SMEs have been left with an unprecedented amount of paper records to manage and store. Effective records management is possible, however – the Bankers Box website, for example, offers hints and tips as well as a free-to-download Records Management Handbook to help businesses manage their data and records more effectively. The term ‘records’ usually refers to the information we’re legally obliged to keep but it also covers contracts, purchase orders, progress or sales reports, correspondence and all other documents. Around three quarters of SMEs hold and store their paper records onsite, according to recent research by Fellowes, global manufacturer of office supply equipment. The reality is that even the most organised company will have unfiled documents lying around on desks and in trays. How many of us have picked up the wrong paperwork from a printer or found something we shouldn’t, left behind on a meeting room table? Worryingly, UK Office workers are regularly seeing confidential details of their company’s financial status or their colleagues’ salary details. For businesses that rely on the paper information they keep and those which are legally obliged to keep it – such as legal or financial firms – failure to keep on top of records can mean financial penalties, serious administrative mistakes and reputational damage. But, more broadly, piles of paper or long forgotten filing in any business can also lead to missed new business opportunities, wasted time, poor productivity and duplication of tasks. Of course, the more sinister threat is that poor management systems, both on and off line, also pose corporate security and regulatory risks to businesses like never before. The much-debated new EU General Data Protection Regulations (expected to come into force in late 2015) aims to tackle this global issue and to a large extent mitigate the threat of cyber crime across the continent. They set out a series of rules which cover how businesses should handle and store data on any individual. This doesn’t just apply to the huge amount of information we keep online, it also includes paper-based data and this is where smaller businesses need to sit up and take notice. Regardless of any proposed amendments to these regulations, they represent a complete re-take on this aspect of business operations. SMEs need to start preparing now. Final proposals on this legislation will be confirmed over the next few months but the savvy business owner should not take a ‘wait and see’ approach to this. Despite general awareness among SMEs of the importance of correctly storing information and its protection, there is also a lot of confusion, along with some inconsistency and some bad habits. Many larger companies already have robust data procedures and teams in place to specifically deal with how they manage the information they hold and how they use it off and online. Smaller companies are more likely to keep paper records on an ad hoc basis and are much less likely to have the manpower or resources to make sure they are 100 per cent compliant with all the current laws. The new Regulations, which will apply right across the 27 EU states, will create a uniform approach for all. Companies of all sizes will be required to establish a culture of monitoring, reviewing and assessing their data processing procedures – that includes storage – taking clear responsibility for minimising the amount of data they hold on any individuals and how they store it. Any existing information or data that companies hold will have to be reviewed and audited to make sure that consent to hold it was given in the correct way, explicitly and freely. Businesses are being advised to create a clear strategy for information storage which includes all the ways in which records are used or kept, whether that is online or – crucially – on paper. They need a company-wide policy or procedure on classification, collection, retention and destruction of all paper records which relate to any individual. Businesses are now being held accountable for documentation, which must be up to date, in reasonable order and accessible quickly. Continue reading on page two… Join Real Business and Martin Smith MBE for a live Twitter Q&A session on Friday February 7 at 11am – find out more and submit your questions here.
Share this story