SOLUTIONS

For IT & Collaboration Owners
Deliver safe, secure collaboration while satisfying the needs of stakeholders across the business

For Security
Improve your risk posture with a purpose-built solution for collaboration

For Legal
Scale, orchestrate and streamline your eDiscovery process for employee collaboration
For Compliance
Establish a proactive approach to collaboration compliance and information governance


For Employee Experience
Harness insights from surveys and collaboration data to transform the employee experience

AWR-2023_human-behavior-risk-analysis-report_cover art_small
Download the Resource

The Human Behavior Risk Analysis

Learn More →

Integrations

Connect Aware to the tools you already use to have all your company messaging in one place.

LEARN MORE →
Our Platform

Contextual Intelligence Platform

Aware is a contextual intelligence platform that identifies and reduces risk, strengthens security and compliance, and uncovers real-time business insights from digital conversations at scale.

LEARN MORE → Learn About our AI →
Our Applications
Flashlight

Signal

Protect your data and your people with complete, real-time visibility and centralized control of collaboration.

Learn More →
Chat_Search

Data Management

Take centralized control and make smarter decisions about what to keep and what to purge.

Learn More →
file_lock

Search & Discover

AI-powered universal search purpose-built for collaboration. Find information and surfaces the full story—faster.

Learn More →
Growth

Spotlight

Automatically capture authentic human signals from modern collaboration to support your most valuable asset.

Learn More →
AWR-2022-HBRA-LandingPage-Visual

What's in your data?

Calculate my results →

Company

About Aware

Our leadership, our company

Careers

Explore open roles with our remote-friendly, global team

Partners

Driving customer value, together

Press Releases

Digital workplace news and insights

Customers

How Aware customers streamline operations, reduce risk, and boost productivity

Security

Data security partners & certifications

Contact

Get in touch with us

Aware-BPW-Company-Nav

10 Reasons Why Aware is a Top Place to Work

Learn more →

Resources

Access reports, webinars, checklists and more.

Explore →

Blog

Explore articles devoted to enterprise collaboration, employee engagement, research & more

Explore →
Case Study Promo_2023

How Aware customers streamline operations, reduce risk, and boost productivity

Read More →
Menu

Every Company Should Have a Records Retention Policy—Here's Why

by Aware

These days, headlines around the globe focus on conversations around data and data management. With the impending enforcement of the EU’s General Data Protection Regulation (GDPR) and increasing interest in how personal data is collected, leveraged, and maintained, it is more important than ever to audit the health of your employee data.

Traditional areas to audit include:

  • Personnel files such as wage data or reference checks
  • Documents containing employee personally identifiable information (e.g. social security numbers)
  • Company emails and work documents

But data no longer lives in just the ‘traditional’ sources. As technology evolves, new data sources emerge that didn’t exist when regulatory environments were established. And, it’s no secret that enacting a regulation takes time. This time lag between new technology in the market and the law leaves many people (and their data) vulnerable, if left unchecked.

GDPR in a Nutshell

GDPR takes a stab at confronting the issue. In a nutshell, GDPR says that people have the right to their own personal data. And that individuals have the right to request access to that data, understand how it’s used, and “request to be forgotten”. The broad stroke regulation works to tackle the fact that new technology emerges constantly and, until legislation catches up, organizations might leverage personal data without the individual’s knowledge.

Because it is new, article 29 of GDPR creates a Data Protection Working Party (generally known as Article 29 Working Party) with the intention of providing the European Commission with independent advice on data protection matters and helping in the development of harmonized policies for data protection in the EU Member States.

“Since the publication of these documents, a number of new technologies have been adopted that enable more systematic processing of employees’ personal data at work, creating significant challenges to privacy and data protection.”

– Article 29 Working Party

As employees send messages, modify files, and interact on the web, their digital fingerprint is constantly growing and changing. Digital communication generates more data than ever before, and while it can provide incredible insights, data controllers need to make compliance and risk mitigation a priority.

When Introducing Technology, Consider the Corresponding Employee Data

With enterprise collaboration platforms (e.g. Yammer, Workplace by Facebook, Microsoft Teams) entering organizations at an unprecedented rate, communication between colleagues is quickly transforming. More informal, frequent correspondences occur in private and public forums. This does introduce a new set of potential risks to the enterprise security ecosystem. It is imperative to monitor, secure and, when appropriate, destroy the data produced within this platform, just like any other source of employee data.

“Employers should always bear in mind the fundamental data protection principles…irrespective of the technology used, [and] the contents of electronic communications made from business premises enjoy the same fundamental rights protections as analogue communications…”

– Article 29 Working Party

The ‘contents of electronic communication’ applies to the conversations that take place in collaboration tools. Therefore, employees have the right to, as with all other records: request their own data, understand how it is being used, and act on their ‘right to be forgotten.'

In addition to these employee rights, the Article 29 Working Party also recommends not to ‘retain [personal data] any longer than necessary.'

Mitigate Risk by Being Proactive with Record Retention Policies

A clearly laid out Record Retention Policy (RRP), where paper and electronic personnel records and confidential employee data maintained by the company is destroyed when retention dates pass, helps defend against employment-related litigation.

Establish a clear policy on data backup and destruction including schedule, file location, methods of destruction and a records administrator. Consult your organization’s legal resources to define the retention dates for various data types.

A data management tool, like Aware, can help your organization implement its new record retention policy. Based on policies you select, the tool will destroy collaboration platform data when programmed retention date passes. By doing so, you can maintain compliance while protecting vulnerable employee data from exposure or a potential breach.

Securely Say “Yes” to Collaboration

With accelerating change in digital working and tool preferences – allow your organization to work effectively, on collaboration tools, while remaining secure and compliant. Aware by Wiretap gives you peace of mind that insider threats, gaps, and risks are minimized and mitigated.

Check out our information governance checklist  to better understand how you can safeguard your organization in today's digital environment. 

Download Free Checklist


*This article is provided for general informational purposes only, and may not reflect current law in your jurisdiction. No reader should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice.
Topics:Compliance AdherenceRecords Retention/Information Governance