systems and data must still be considered, as any data recorded over time may still be applicable as part of the regulatory (e.g.: ‘right to forget’) requirements.
All documents relevant to the process need to be listed and it is important that there is no dependency of records on different processes, as when deleting data this should not become an issue. This element becomes more challenging when one document is utilised across various processes and each process requires a different retention period in accordance with Act regulations.
The biggest challenge that most organisations face though is having their employees understand record management requirements and implementation of compliance elements. Different Acts have different perspectives of records management, retention periods and information requirements.
“Fundamentally, record management is the safeguarding of all customers data while they interact with an organisation, and following this period not sharing, utilising or over utilising the data without notice and/or consent,” says Atluri. During the auditing process the organisation procedures will be assessed to ensure that data is being recorded and managed in accordance with
 IDENTIFY
 1
  2
  3
  4
  5
  6
  all business areas
   all functional areas within the business
 areas within the business all processes in the functional areas
   all the records you create
or use from elsewhere as inputs
 what business
   which all
the records you create or use from elsewhere as inputs
  Finally, apply the correct retention period to the record (an approved retention schedule, classification policy, information handling policy etc. from Legal and Business Risk Management (BRM) is a pre-requisite for records management)
“Once data is deleted it cannot be recovered, thus there is no place for errors in the records management process,” concludes Atluri
                    PAGE
17
THOUGHT LEADERSHIP ARTICLES