Information Governance: Working towards a more transparent tomorrow

Three years on from the introduction of GDPR, Iron Mountain’s Gavin Siggers explores what the future holds for Information Governance in a post-pandemic world
Three years on from the introduction of GDPR, Iron Mountain’s Gavin Siggers explores what the future holds for Information Governance in a post-pandemic world.

The past three years have been nothing short of momentous for data handlers. Firstly, the EU’s General Data Protection Regulation (GDPR) subjected Information Governance (IG) practices to new levels of scrutiny. Meanwhile, the data landscape has continued to grow in scale and complexity, creating myriad new challenges to address. And then, the COVID-19 pandemic hit, thrusting employees into virtual workplaces, upsetting IG norms and procedures, and increasing the risk of non-compliance and cyberattack. The pandemic has not only challenged how organisations manage their information, but has also changed its nature, with many companies now conducting health screenings and feeding into virus tracking systems, on top of core business data.

Driven by these independent but interrelated factors, discussions on privacy compliance have never been more heated. And the pressure is on data managers to rapidly evolve and adapt their practices to fit the new, post-pandemic reality. To answer the question of where we go from here, and how organisations can ensure their IG policies are futureproofed – whatever new hurdles come next – we need to return to the fundamental principle of GDPR: data transparency. A notion that appears to have been somewhat lost over the past few years – despite the business benefits to be gained from placing it front and centre.

Responsible data practices as a competitive advantage

For too long there’s been an assumption that an organisation’s business interests and the privacy of its customers are mutually exclusive. In practice, however, responsible data practices can actually help drive growth by creating trusted relationships. At a time when concerns over data privacy are greater than ever, the ability for companies to demonstrate that they genuinely care about people’s privacy is a crucial selling point.

With this in mind, an ethical and successful IG program should embed the notion of transparency throughout every system and process, and across the entire workforce. Beyond compliance obligations, this means being fully transparent with the people whose data you hold. Best practice is to regularly publish details on your data policies and any changes, and to do this in a way that puts the customers’ interests first. Indeed, with privacy so high up the public agenda, the question is: why don’t organisations shout as loudly about their IG practices as they do about their sustainability performance?

Transparency breeds trust and innovation

It is easy to view GDPR and regulations like it as simple compliance hurdles. Boxes that need to be ticked before getting on with the ‘real’ business of running an organisation. This, however, ignores the positive and lasting impact data privacy legislation has had in modernising their IG strategies.

Many of the foundational principles of good IG support organisations in dealing with their data, legacy or otherwise.  When it came into force, GDPR forced companies across the continent to take stock of the information they held, interrogate why and how they use it, and fully understand its lifecycle. As a result, enterprise data could no longer be out of sight and out of mind.

This more proactive approach to IG has in turn demonstrated the increasing value of data digitisation. Meanwhile, new tools – such as AI and Machine Learning – are helping companies better understand their data, how to look after it and how to make better use of it. For example, an NHS Trust in the UK wanted to find a way of digitising almost 200,000 patient records while optimising clinical and administrative efficiency while investing in providing a future capability for its patients to access their records online. The digital tools available in an electronic document management system (EDMS) helped the Trust collect and index files, return images and ultimately transform its Electronic Patient Record system.

Four steps towards a modern and ethical IG programme

It can be daunting, particularly as the volume and complexity of the data organisations hold continues to swell, but in essence, the key to future-proof IG boils down to the following four imperatives:

  1. Analyse and Address Your Risks: The first step is to understand where your organisation currently sits in terms of IG maturity, and then map out a path for the future. This begins by proactively pinpointing and addressing any data handling risks or blind spots in your procedures and policies. To help, there are a number of useful products designed to measure an enterprise’s maturity state against benchmarks, as well as progress over time.
  1. Know Your Data: The next step is to make a plan for your information assets. This should include understanding the value and risks associated with different information types and aligning the lifecycle accordingly will improve the applicability of automation, supported by machine learning. This reduces the burden of integration and data management, eliminates human error and bias, and can also help cut costs and uncover new revenue streams.
  1. Embed transparency into every system and process: It’s critical that businesses operate in a spirit of transparency at all times. This means regularly publishing information on data protection and privacy performance and any changes in how data is being used.  Even when the news is bad. Importantly, these practices also need to be embraced across the organisation.
  1. Keep Going: Finally, you need to recognise that this is a process of continuous improvement, ongoing investment and oversight. To maintain focus and engagement, it’s important to map out and apply and measure appropriate controls as well as to celebrate key milestones.

Organisations can achieve tangible business benefits beyond compliance, driving trusted relationships, trusted data-driven decisions and opening doors for new paths of innovation by applying transparency principles to their data assets.


Understanding your organisation’s current position in terms of IG maturity is the first step in ensuring your IG framework is fit for the future. Iron Mountain can help you start on the right path by supporting you to understand your baseline, allowing you to start conversations with key stakeholders and begin to reimagine your IG processes, embedding principles of transparency throughout.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter


  • Information Governance, Security & Data, Information Governance: Working towards a more transparent tomorrow

    Gavin Siggers is an information governance and records management expert with over twenty years’ experience as both a practitioner and consultant. As the Director for Professional Services at Iron Mountain, he leads the information governance advisory practice for Europe. He is a board member for the UK Chapter of ARMA International and was previously the European Region Director. In addition, he is a mentor for the Information and Records Management Society. Siggers specialises in leading clients through the development of information management strategies and a usable governance framework for their information assets that takes account of business, legal and regulatory requirement. He has worked across industry verticals throughout Europe and the USA, delivering strategic business side consultancy in information governance and system design, implementation and training.

How to defend against Active Directory attacks that leave no...

Amber Donovan-Stevens • 16th September 2021

Cybercriminals are using new tactics and techniques to gain access to Active Directory in novel ways, making their attacks even more dangerous—and more necessary to detect. This article will explore a few types of attacks have been seen in the wild that leave no discernable trail or, at least, any evidence of malicious activity, explains...

8th worst in Europe: Cybersecurity for UK business

Amber Donovan-Stevens • 10th September 2021

In the article, Hayley Kershaw, AdvanceFirst Technologies, analyses the data from recent research to identify successful cybersecurity practices from countries achieving the top-ranking and how, with the UK’s commitment to cybersecurity, businesses can improve.

Join our webinar on 28th September: How the digital nomad generation influences business behaviour