The other week I wrote about our work on eliminating the need to store or process personal information in our own vendors here at Oneflow. A lot of the information in the article applies to your business as well, especially how you can make your life easier by using data retention policies. Remember, personally identifiable information (PII) is toxic, if (when) it leaks it will be very costly to handle.
Data retention policies allow you to sleep better at night knowing all your old PII is safely removed automatically and periodically.
What is a data retention policy?
A data retention policy controls how long data should be kept within an organization and when the data should be deleted. Since the introduction of GDPR, organizations are required to have complete control over how long they retain personal information.
At Oneflow, we offer a variety of policies you can configure to fit your business, and I will explain how it works in this post.
Why should you remove old contracts?
Avoid costly risk to your business
I know it goes against most of your processes or how you’re used to handle data, but do you really need to retain thousands of expired contracts? Each old contract you keep poses a risk to you and your business. Personal information has become toxic and while we do our utmost to protect your data it’s always safer to avoid saving unnecessary personal information. For the offers and contracts you do keep, consider adding two-step-authentication to the counterparties of these contracts to protect against your counterparties accidentally forwarding their contracts.
Keep your contract list clean and organized
It is also much easier for you to manage and keep track of your contracts by having fewer of them. Periodically removing unused drafts and expired contracts will make life easier for your colleagues who will have less to think about. At Oneflow, our employees immediately enabled the draft rule to reduce the clutter in their own workspace when we launched this functionality. Finally, as you’ll often have multiple contracts with the same company, automatically removing the old ones will help you find the important contracts much quicker.
Earn trust from your customers
Just like us, keeping your own house nice and tidy is a very good selling point for your own customers. It’s about creating a mindset in your organization on how you work with the PII you’re responsible for together with your vendors. Demand more functionality from your vendors to control and reduce the data you keep around. Both you and your vendors will benefit from this. Once you get your processes in line with this way of thinking, it’s easy to replicate this with other vendors. In this day and age, you’ll reap the rewards from not storing data when you don’t have to, and your customers will be more comfortable using your services because of it.
What’s a good data retention period?
It totally depends on what types of contracts you have, how long you absolutely must keep them around after they have expired, declined, or been terminated. Luckily you can configure different policies for different departments.
For example, in Sales, you might want to go back and revive old deals so you’ll retain your offers longer, while in HR you want to remove your candidates’ personal information very quickly in case the candidate rejected your offer.
You can even tailor your retention policies based on regulations in different countries. However, you can easily get started by setting a high number and lowering it as you go along when you feel more comfortable.
Enabling data retention policies
Oneflow lets you configure different policies for different needs. By default, all policies are set to retain your data indefinitely, but you can override these policies from a single day all the way up to 10 years.
You can currently enable different policies for drafts and expired, declined, or terminated contracts. When you enable a policy Oneflow will also let you know how many contracts will be affected immediately, which could help you decide what a good threshold will be.
Our new Security & Compliance Team
At Oneflow, we know that Security is of the utmost importance. That is why we are building a team devoted to Security & Compliance. Olu Asaolu, our Senior Information Security Analyst, is responsible for keeping Oneflow and all of our employees and customers safe digitally. He will keep us up to date with the latest security measures, vet all suppliers and applications used at Oneflow, conduct risk assessments, and continuously educate Oneflow employees on security measures and compliance.