Data man­age­ment is a re­l­at­ively new field within in­form­a­tion tech­no­logy, emerging in response to growing con­nectiv­ity and the ever-in­creas­ing flood of data in modern busi­nesses. The topic has also become a focus of research. Data science, in par­tic­u­lar, is a young dis­cip­line dedicated to the sensible storage and in­teg­ra­tion of data, as well as efficient methods for searching through large datasets.

Defin­i­tion of data man­age­ment

Data man­age­ment defines clear re­quire­ments for handling digital in­form­a­tion and refers to a process rather than isolated actions. Data should be sys­tem­at­ic­ally organised right from the point of col­lec­tion and entry. Data min­im­isa­tion and quality are key aspects to keep in mind. In addition to safe­guard­ing the content, the data must remain practical and usable for its intended purpose. Another important con­sid­er­a­tion is de­term­in­ing which data should be archived and for how long. Any data that is no longer needed must be easy to locate and securely deleted without delay.

Defin­i­tion

Data man­age­ment defin­i­tion: The term data man­age­ment describes a com­pre­hens­ive concept for handling digital data. It includes all steps from col­lec­tion, storage, and pro­cessing to archiving and deletion, taking into account both business re­quire­ments and data security and privacy ob­lig­a­tions.

Types of data

When de­vel­op­ing a data man­age­ment plan, begin by identi­fy­ing the different types of data your business produces. Cat­egor­ising this in­form­a­tion allows you to work in a struc­tured way and ensures that no important area is over­looked.

  • Personal data: In­form­a­tion relating to iden­ti­fi­able in­di­vidu­als, such as names, phone numbers, and addresses. It can also include be­ha­vi­our­al data like shopping habits. This may apply to customer data, employee records, or third-party data — all of which require special pro­tec­tion under the UK GDPR.
  • Protected company data: Internal in­form­a­tion such as financial accounts, tax records, and trade secrets. Define precisely what falls into this category to ensure con­sist­ent handling.
  • Secondary data: Data created for a purpose other than its original intent — for example, CCTV footage installed for security might also capture customer vehicle re­gis­tra­tions, or server log files storing visitors’ IP addresses.
  • Public data: Data in­ten­tion­ally published, such as website content, brochures, and marketing materials. Copyright law and in­tel­lec­tu­al property pro­tec­tions apply — in the UK, logos and designs can be protected under the Re­gistered Designs Act 1949.

Tasks and im­ple­ment­a­tion of data man­age­ment

The role of data man­age­ment is to integrate all processes from col­lec­tion to storage or deletion, focusing on ef­fi­ciency. This considers the entire Data Life Man­age­ment (DLM) cycle.

Data col­lec­tion

Data pro­cessing begins with col­lec­tion. Two prin­ciples are crucial:

  1. Data min­im­isa­tion – Only gather what is necessary. This principle is embedded in the UK GDPR and Data Pro­tec­tion Act 2018. You must have a lawful basis for pro­cessing data, such as consent, con­trac­tu­al necessity, or legal ob­lig­a­tion.
  2. Data quality – Capture data ac­cur­ately to avoid rework or errors. Store it in the correct format for later use to prevent loss or cor­rup­tion during con­ver­sions.

Data storage

Choosing the storage location and format is vital. Combining local storage with secure cloud storageis often the most resilient option for critical data.

Local storage Cloud storage
Greater control over physical access High scalab­il­ity and disaster recovery
Higher upfront costs Ongoing sub­scrip­tion fees
Vul­ner­able to local hardware failure Requires a stable internet con­nec­tion

For large datasets, databases are generally preferred. If industry-specific software is used (e.g. ac­count­ing or inventory man­age­ment), ensure com­pat­ib­il­ity with export formats for HMRC audits.

Data security

Data must be protected from loss, un­au­thor­ised changes, and un­au­thor­ised access. In the UK, the National Cyber Security Centre (NCSC) offers guidance on pro­tect­ing against cyber threats. Cer­ti­fic­a­tions like ISO 27001 are widely re­cog­nised and can help meet com­pli­ance re­quire­ments.

Potential threats include:

  • Hardware damage (fire, flooding, power surges)
  • Ac­ci­dent­al deletion or mis­con­fig­ur­a­tion
  • Malware or ransom­ware attacks
  • Software bugs or vul­ner­ab­il­it­ies
  • Physical theft of devices

To address the various risks, solutions include not only software-based pro­tec­tion mech­an­isms but also or­gan­isa­tion­al measures such as fire and burglar alarm systems.

Keep these prin­ciples in mind:

  • Regular updates: Consider the pros and cons of automated versus manual updates. Automated updates have the advantage of running con­sist­ently without being forgotten, while manual updates reduce the risk of faulty in­stall­a­tions.
  • Secure passwords: There are various strategies to consider here. One effective approach is to set guidelines requiring employees to use complex passwords. Regular password changes are also re­com­men­ded. However, placing too much emphasis on com­plex­ity and frequent changes can backfire, leading employees to write passwords down and leave them at their workspace.
  • Antivirus/Firewall: Current antivirus pro­tec­tion is essential for any IT system. Depending on the com­plex­ity of the network, it may be advisable to use a firewall and, if needed, an Intrusion Detection System (IDS).
  • Backup strategy: One of the most important aspects is un­doubtedly the proper backup strategy. Relevant data should be thor­oughly and regularly backed up on media located in different places. A par­tic­u­lar challenge is backing up databases. It may not be possible to simply copy open files during operation. Instead, backups must be performed from within the ap­plic­a­tion used or by using spe­cial­ised software like MySQL Dump.
Tip

When creating backups, it’s important to follow a few best practices:

  • Automated creation – Schedule backups to run auto­mat­ic­ally to avoid human error or oversight.
  • In­cre­ment­al storage of critical data – Save only the changes since the last backup to optimise storage space and speed.
  • Retention of older versions – Keep previous backup versions to restore data from different points in time if needed.
  • Secure storage location – Use a system that restricts user access, or connect the storage media only during the backup process to protect it from un­au­thor­ised access or malware.

Data pro­tec­tion

Data pro­tec­tion is to be dis­tin­guished from data security, although there are overlaps. The goal here is simply to ensure that un­au­thor­ised persons have no access to con­fid­en­tial data. Data pro­tec­tion includes the following areas:

  1. Prevent external access: This requires data security measures

  2. Restrict internal access to personal data: This requires a per­mis­sions man­age­ment system in the software used. This way, in­di­vidu­al employees are denied access or data sets are only partially displayed. Ad­di­tion­al pro­tec­tion is provided by encrypted trans­mis­sion and storage of data. This ensures that sensitive data is protected from hardware access, such as during a break-in or by un­au­thor­ised employees.

Archiving

Archiving non-current data — such as invoices and tax documents — is a legal re­quire­ment under UK law, with retention periods defined by HMRC and other reg­u­lat­ors.

  • Separate storage – Reduces backup size and improves data pro­tec­tion.
  • Suitable media – Tape drives are highly durable but costly to set up. Hard drives must be checked regularly. CDs/DVDs are prone to de­grad­a­tion.

Deleting

When data is no longer required, securely delete it to remove com­pli­ance ob­lig­a­tions. The UK GDPR includes the “right to erasure” for personal data. Standard OS deletion may only mark data as available for over­writ­ing; use secure erasure tools for full com­pli­ance.

Other legal re­quire­ments

Key UK le­gis­la­tion and frame­works include:

  • UK GDPR and Data Pro­tec­tion Act 2018
  • Privacy and Elec­tron­ic Com­mu­nic­a­tions Reg­u­la­tions (PECR)
  • Freedom of In­form­a­tion Act 2000 (for public bodies)
  • Sector-specific re­quire­ments such as NHS Data Security and Pro­tec­tion Toolkit for health­care

Some or­gan­isa­tions must appoint a Data Pro­tec­tion Officer (DPO) — for example, if they carry out large-scale mon­it­or­ing or process sensitive cat­egor­ies of data.

Types of data man­age­ment

How data man­age­ment is organised depends on the size of each company. Various ap­proaches to in­teg­rated solutions are available on the market. Possible forms include:

  • En­ter­prise Resource Planning Systems (ERP): These systems offer the most com­pre­hens­ive approach. All resources of the company are recorded and con­sidered. This includes personnel, equipment, and materials. Well-known com­mer­cial vendors are SAP, Sage, Oracle, and Microsoft. However, there are also free software solutions like Odoo and OpenZ.
  • Master Data Man­age­ment (Central Master Data Ad­min­is­tra­tion): Cent­ral­isa­tion and revision of a company’s core data. This includes employee data, customer data, and in­form­a­tion about equipment. The goal is a uniform data quality that leads to improved usability. This approach is usually con­sidered in ERP systems.
  • Content Man­age­ment Systems (CMS): Pre­dom­in­antly in­form­a­tion man­age­ment systems, for example, in the form of a central intranet for the company. Due to their great flex­ib­il­ity, other aspects like form man­age­ment and the in­teg­ra­tion of databases are also possible.
  • Document Man­age­ment Systems (DMS): A subset of data man­age­ment. They provide forms and offer functions such as filing and archiving.

Chal­lenges of data man­age­ment

Data man­age­ment is a dynamic process and must be con­tinu­ally adjusted to current re­quire­ments. This results in new chal­lenges each time.

Big data

Data volumes are con­stantly in­creas­ing. Con­sequently, there are high demands on data man­age­ment, es­pe­cially in the following areas:

  • Scalab­il­ity of storage and backup ca­pa­cit­ies
  • Or­gan­isa­tion and find­ab­il­ity of required data
  • Data min­im­isa­tion and filtering of important in­form­a­tion

Security

Network ad­min­is­trat­ors con­stantly face new dangers. In­form­a­tion theft through social en­gin­eer­ing and sabotage via ransom­ware are just some scenarios. The more a company digitizes its data resources, the more dependent it becomes on the func­tion­al­ity of the system used. Therefore, it’s essential to stay informed about new risks and make pre­par­a­tions for hardware failure or lack of access to their own systems.

Legal re­quire­ments

The in­tro­duc­tion of the UK GDPR and the Data Pro­tec­tion Act 2018 has brought sig­ni­fic­ant changes for busi­nesses operating in the UK. Many or­gan­isa­tions faced con­sid­er­able effort to align processes with the new rules, par­tic­u­larly following the UK’s departure from the EU. It remains likely that further reg­u­la­tions or amend­ments — for example, updates to data transfer rules or sector-specific re­quire­ments — will be in­tro­duced in future. Such changes may require companies to review and adjust their data man­age­ment strategies.

Changes in the company en­vir­on­ment

Shifts in a company’s structure or op­er­a­tions — such as mergers, ex­pan­sions, or new service offerings — can have a direct impact on data man­age­ment. To prepare for this, busi­nesses should use systems that are scalable and easy to migrate. Regular employee training on internal data gov­ernance and com­pli­ance re­quire­ments is essential, even though it adds to the ongoing workload.

Cloud Backup powered by Acronis
Mitigate downtime with total workload pro­tec­tion
  • Automatic backup and easy recovery
  • Intuitive schedul­ing and man­age­ment
  • AI-based threat pro­tec­tion
Go to Main Menu