Triverus helped create a comprehensive and sustainable data retention program that ensures all data, both structured and unstructured, is stored in compliance with legal and regulatory requirements while meeting business operations needs.
In today’s digital world with increased remote work, organizations are handling massive amounts of data which is stored electronically. It is necessary for companies to retain data as efficiently as possible so that if they need to retrieve that data in the future, they can do so quickly and potentially save time and money. If there is a legal incident, having organized data in place will minimize costs and the time it takes to collect data. According to Transparency Marketing Research, the global e-discovery marketing is expected be valued at more than $25.9 billion in 2031, due to the rise of digital data. With these rising amounts of data, companies cannot overlook how their data is retained and structured.
Our client, a pharmaceutical company founded in 2002 by a team of distinguished Life Sciences leaders, is advancing a pipeline of innovative RNAi-based medicines to transform the lives of people living with diseases for which there are limited or inadequate treatment options. As part of its Data Governance initiative in response to an audit, the company was seeking a partner to develop an enterprise program to manage and operationalize data retention in a phased approach. Triverus was called in to deliver a baseline assessment, data retention policies and procedures, a data retention requirements framework and retention and disposal schedules for structured data, unstructured data, and third-party retention of data.
With the proliferation of data privacy laws like the EU's General Data Protection Regulation (GDPR) it is more important than ever to minimize risk through defensible deletion and data retention strategies and practices. GDPR, since it was introduced in 2016, has made massive changes in how companies do business with Europe. If they are not in compliance, they could face massive penalties or for some businesses, penalties could reach into the billions. Europe continues to create new legislation that could adversely impact organizations if they do not stay abreast of new policies and act on them. By implementing a data retention program it would enable the client to comply with legal and regulatory requirements, support defensible data deletion, minimize legal risks, limit data exposed in a breach or eDiscovery and reduce data storage costs. Of particular concern was accommodating the regulations of thirty plus countries and handling exceptions such as legal holds and individual’s rights for erasure.
During the Discovery Phase Triverus developed a clear understanding of the current state, the key business drivers, the desired state, assessed gaps, and identified risks and key requirements to support roll out of a data retention program. Findings were reviewed with key stakeholders to ensure alignment and accuracy.
Triverus recommended and successfully delivered a three-pronged approach for implementing a sustainable data retention program. Focus areas are below
Management Model: A management model was put in place to define roles and responsibilities (including 3rd parties); scope and guiding principles, policy, procedures, methods, tools, and compliance
Data Retention Requirements and Schedule: Triverus developed a retention requirements framework (including special handling), data classification, data inventory and recommended retention schedules for in-scope data sets. Templates were created to inventory data, map data to categories and requirements, and provide data set work instructions for implementation.
Operations: A prioritized, phased roadmap was designed to implement the data retention program in accordance with the schedule, appropriate methods, and monitoring.
As a result of the Triverus team’s expertise, leadership and direction, the client has a comprehensive and sustainable data retention program that they can implement to ensure all data, both structured and unstructured, will be stored in compliance with legal and regulatory requirements and meet the needs of business operations. If the organization needs to retrieve their data in the future, they will be more prepared to do so more efficiently.