Records management: what does it entail?

Records management (RM) is the supervision and administration of digital or paper records, regardless of their format. It focuses on:

  • Reducing lost and misfiled documents
  • Helping to organise existing documents better
  • Enabling quicker search and retrieval of documents
  • Improving the general work processes as well as efficiency
  • Increasing office space by reducing the amount of space needed for documents e.g. filing cabinets. (Proper records management can cut your physical and digital storage requirement by up to 40%.)

By carrying out these tasks in a systematic and controlled way, you ensure that records are authentic, accurate, reliable, easily accessible and are kept as long as they should be.

As a company grows, it gets more difficult to keep an overview of where documents are stored, whether they’re up-to-date, or if you even still have them.

The aim of records management is, therefore, to help a company make documents accessible for both business operations and audits. Spreadsheets are a great way to track where records are stored and many small or medium-sized businesses use this method, but for larger businesses, records management software suites are more suitable and often have accounting software included.

Complying with legal requirements

For many companies, it’s not simply a case of deciding whether to organise your documents correctly using records management; it’s actually a legal requirement. These are some of the problems you may face if you don’t comply:

  • Be fined
  • Risk of being audited by authorities
  • Possible damage to reputation
  • Risk of prosecution and claims for damages
Note

For example, if you fail to keep accounting records, you could be fined £3,000 by HMRC or even disqualified as a company director!

When you comply with the legal requirements of records management, you have to familiarise yourself with not just the national requirements but also Europe-wide. ISO 15489 is the leading standard that provides guidance on how to maintain an archive system. Find out more about the international standard in the following paragraph.

ISO 15489 standard

This international standard has been implemented in the UK under the name BS ISO 15489-1:2001. It was revised in 2016 and therefore now bears the name BS ISO 15489-1:2016. It has been adopted in over 50 countries and translated into more than 15 different languages. It provides organisations with a theoretical framework for recordkeeping and also highlights how important records management is for a company. It covers topics such as:

  • Metadata for records
  • Records systems and controls
  • Records monitoring
  • Training for effective records management
  • Creating, capturing, and managing records

By using the standard as a guide, organisations can rest in the knowledge that they are in safe hands when it comes to General Data Protection Regulation (GDPR) and anything else related to the ever-stricter rules regarding data protection.

Although it’s not mandatory to follow ISO 15489, there are retention periods specific for certain countries, which must be complied with. For example, in the UK, the Limitations Act 1980 states that all business contracts, agreements and other arrangements need to be safely stored for the length of the employee’s contract and for six years after they leave.

Note

It is important to ensure that you are keeping accurate records for both physical and digital records, particularly email. Emails can (but do not have to be) be considered business letters, which means it’s extremely important that they are appropriately archived. If a transaction has been completed, prepared or cancelled by email, it can be considered a business letter, and be retained as a record, along with any file attachments. Our articles on record retention periods and archiving for business emails may be useful resources to your company when ensuring that your electronic records are being archived correctly.

GDPR and the Data Protection Act 2018

Briefly mentioned above, the General Data Protection Regulation is a law that came into effect in May 2018 and contains a special provision for archiving personal data in the public interest. The Data Protection Act 2018 (DPA) is the UK’s implementations of the EU’s GDPR standards and also came into effect in May 2018, replacing the Data Protection Act 1998. The act, however, only applies to data of living people, not to all records in an archive. It specifies (amongst other things) that data must be accurate, kept up to date, kept for no longer than necessary, and handled in a way that ensures appropriate security as well as protection against unlawful or unauthorised processing, access, loss, destruction, or damage. Businesses that fail to comply with the Data Protection Act can expect fine of up to £500,000. Not complying with the GDPR or suffering a data breach could set a company back up to 17 million euros or 4% of its annual turnover.

Please note the legal disclaimer relating to this article.


Wait! We’ve got something for you!
Get your .co.uk domain now, the first year is free.

Enter the web address of your choice in the search bar to check its availability.
12 month for £0/year
then £10/year