Best Practice Update

Black and white photo of one person passing a paper document to another person over a desk with a calculator on.  A cartoon of Harry the Hacker in colour running away with a bag of confidential waste

Why Data Should Stay Put: Benefits of Keeping Data in Its Original System

During our data walks and when talking with customers, we see a lot of personal data that has been removed from its original system.  This article discusses the benefits of keeping data in it's a original system and the risks that might occur when it is removed.

Currently most organisations keep a lot, if not all, of their data online, the benefits to this are clear:
  1. Data integrity and consistency - when data remains in its native system, its integrity and consistency are better preserved.  Moving data between systems can introduce errors, data corruption, compromise of accuracy and reliability of the information. 
  2. Reduced duplication - as soon as data is removed or extracted from its original system, the data is duplicated and there can then be some doubt about the true version of a document, for example.
  3. Security - keeping data in its original system means that it is more secure because it is protected by the security of the system for which it was intended.  As soon as a list of personal data is printed or copied, it is no longer under that security umbrella and at risk of a data breach or being part of a cyber security attack.
  4. Management oversight -Managers and Supervisors do not have oversight of that data once removed from its original system.  The ICO recently reprimanded Dover Harbour Board and Kent Police of over information sharing via social media messaging apps.  
  5. Transfer of data - as soon as any personal devices or systems are used, the data has been removed from the organisation's infrastructure and so can easily be shared and forwarded to an individual or group outside of the organisation.
Consider whether you are emailing other staff members about a work-related matter than contains someone else's personal matter - if that information resides in a more secure and appropriate system, that information is better protected there.

The full ICO reprimand can be read here: ICO reprimands Dover Harbour Board and Kent Police over information sharing.  The ICO stated that there are official channels for law enforcement agencies to lawfully share information which should be used by staff, which covers all the points in this article about an organisation's systems being already in place with the appropriate security to protect it. Another key point to take from the reprimand is that an office in Kent Police used a personal mobile phone to take a photo of an individual's identity document and uploaded it to a messaging service that was not a Kent Police official system.

Takeaways from this article:

  • Try and keep personal data in its original system so that it is protected by the systems settings.
  • Avoid using non-organisation approved systems for messaging/discussing work-related matters especially when it contains personal data.
  • Using only an organisation's systems for personal data can help avoid a data breach.
We provide a data protection service that includes help and advice about information management, information and cyber security and general help and guidance about managing data.  Here's an example of the kind of question we might ask about how you manage data in your organisation:

Does your organisation follow best practice for keeping data in its original system?

Invalid Input

Great, it sounds as though your organisation has an understanding about the importance of keeping data safe and secure by keeping in its original system.

For further help and guidance and access to the full checklist, please contact This email address is being protected from spambots. You need JavaScript enabled to view it..

As a controller you are responsible for keeping any personal data safe that you collected. Understanding about data duplication and data security can prevent data breaches and protect your data.

Harry the Hacker loves to take data that isn't protected!

Clipart cartoon with headphones on Please contact us for more help and advice about data protection compliance and cyber security standards: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice. 


Try asking the data protection lead in your organisation, or SLT digital lead or contact your DPO:

We can provide help and guidance with data protection compliance, cyber security standards and records management: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice.