Organizations are fine-tuning their compliance efforts around the EU General Data Protection Regulation ahead of its May 25 implementation date, and as the days fly by, tech vendors are responding by releasing more and more specialized products to assist in those efforts.
While data subject access request tools are hot right now, data destruction solutions are also hitting the market. Case in point, one company is offering a solution designed to help organizations figure out the different data retention schedules from various jurisdictions around the world.
Filerskeepers Founder Wanne Pemmelaar and Co-Founder Madeleine Vos said their company has been able to gather information on data retention periods using a combination of technology and a team of corporate lawyers who have specialized in global data protection law.
Pemmelaar and Vos hatched filerskeepers while working at a private practice in Amsterdam following a failed attempt to provide data retention terms to a client. Pemmelaar, Vos and their team saw a demand for information on data retention periods with the GDPR looming on the horizon.
“Data and record retention is going to be the next frontier,” said Pemmelaar in a phone interview with Privacy Tech. “We see that the timing is right and everyone in the CPO communities are talking about it. Everyone is worried about it because they have to deal with IT systems that potentially cannot implement all those retention periods.”
Pemmelaar and Vos see filerskeepers as a more efficient means to discover data retention schedules. He says it's more cost effective than having lawyers with high hourly rates spend lengthy periods of time researching, only to have whatever findings they produce be out of date by the time they are handed to the client.
“People usually turn to their lawyers and then they ask the question, and the lawyer will come up with anything he or she can think of at the moment,” said Pemmelaar. “We have actually seen some customers who have asked, let’s say a Belgian lawyer, to deliver a global retention schedule, and they get a retention schedule based on the Belgian law with the lawyer writing on top of it, global.”
Gathering large amounts of information on data retention has proven to be a challenge for filerskeepers, which is why the company crowdsources with its customers in order to make sure it has not missed any rules. While filerskeepers has checked all of the countries thoroughly, Pemmelaar feels it is better to err on the side of caution.
Pemmelaar said besides gathering all of the information, language can also be a tricky issue for filerskeepers, as they are admittedly not fluent in all of the languages in the countries they service.
Many members of filerskeepers are venturing into an area in which they did not receive training in law school. “We are lawyers by background so we have to overcome the very limited skill set that we were trained in and now we have to be digital entrepreneurs and we have to be as user friendly as we can, so that is a constant journey,” said Pemmelaar.
Filerskeepers has compiled the data retention periods from 40 countries worldwide, with the majority located in Europe. Organizations can buy a single data retention schedule delivered in an Excel spreadsheet, or can get a subscription package where they can choose up to 10 countries and receive notifications for new schedules.
If an organization operates out of more than 10 countries, filerskeepers offers an unlimited subscription service, where clients can choose as many countries as they need, while Pemmelaar and his team produce updated schedules as laws change.
Filerskeepers gave Privacy Tech a sample Excel spreadsheet breaking down the data retention schedule of the Netherlands. The spreadsheet is divided into six sections: who is holding the information; what is stored; is it a minimum or maximum period; the retention period itself; when the period begins; and a hyperlink to a legal reference.
The schedules can be broken down into different industries as well. For example, when looking at health and safety records, a care provider in the Netherlands can store medical files for a minimum of 15 years from the date of drafting, with the legal reference directing users to the appropriate section of the Dutch Civil Code.
In terms of its primary client base, filerskeepers has found customers in various industries, but transportation has proven to be the company’s most prevalent user, followed by health care and finance. As the GDPR deadline draws closer and companies conduct data protection impact assessments, those industries will be taking a closer look at the data in their possession.
“The GDPR is very disciplining in terms of getting all of your systems in an inventory and answering all the hard questions that you need to answer on the user data and how you protect that data,” said Pemmelaar. “What we are doing is actually helping companies find the missing piece when it comes to data retention, because people fill out the DPIA and only one question remains, and that is ‘how long are we going to store this data?’”
Filerskeepers has plenty of work it will be doing as the GDPR implementation date comes and goes. Pemmelaar said the company hopes to eventually implement dashboards to display the data retention periods, while aiming to develop algorithms to help clients calculate optimal retention schedules. The company also wants to expand its country offerings to 100 within the upcoming weeks.
Most of all, filerskeepers wants to position itself as the definitive answer for data retention questions.
“We are really hopeful that we can allow our customers to master data retention. I think that’s the ambition that we set out,” said Pemmelaar. “We want to solve this problem once and for all. It will be a bit of a journey, but we are very confident that we are on the right track to tackle it.”
Top image courtesy of filerskeepers.