Store your business’ essential documents securely offsite to save space and ensure compliance.
Protect your business’s digital media in a secure, climate-controlled vault.
Secure your essential records like wills, evidence, trusts, and legal documents in our vault.
Preserve the safety and integrity of biological samples, pathology slides, and critical medical materials with secure, climate-controlled storage.
Easily manage and track your inventory online with Corodata’s secure and user-friendly Client Portal.
Access your physical documents digitally with Corodata’s Scan on Demand service. Deliver secure, on-request scans directly to your device.
Digitize large quantities of documents efficiently with Corodata’s High Volume Scanning. Ensure quick, secure, and accurate conversion to digital files.
Securely access your digital and scanned documents anytime from your desktop, tablet, or phone with CoroVault.
Secure offsite storage for critical documents, ensuring space savings and compliance.
Prevent data breaches with certified hard drive destruction, fully wiping data and ensuring compliance.
Host a shred event to provide secure shredding services to your community at a central location with our mobile shred truck.
Stay informed with the latest records management tips, industry news, and expert insights.
Unlock free exclusive ebooks, templates, and checklists to streamline your business operations.
Access free on-demand webinars to master Corodata’s client portal.
This guide reveals exactly which business records to keep and for how long.
Safeguard your business operations and speed up recovery during a crisis by completing this disaster recovery plan.
Easily maintain HIPAA compliance with our comprehensive checklist.
Since 1948, we have delivered secure records management solutions to help businesses confidently protect and manage their information.
Since GDPR, CCPA and CPRA have changed requirements for managing consumer data and documents, you need to ensure your data collection and management processes comply—including document storage and destruction.
Here’s a basic checklist for those less versed in consumer privacy compliance. Bonus: It’s an interactive checklist, so you can use it over and over. Just hit refresh.
GDPR outlines the role of a Data Protection Officer (DPO) and what this person does for compliance management (articles 38 and 39). While there is not an explicit mandate to establish a DPO for CCPA and CPRA, provisions specify organizations are obligated to train their staff in compliance and be able to handle data-related customer inquiries. Therefore, it’s common to have a DPO help manage CCPA & CPRA compliance and be responsible for other tasks and duties unrelated to data protection.
For example, expand the role of records manager or information manager. The DPO’s responsibilities include creating internal processes and data governance practices, maintaining consumer privacy request procedures, and employee training.
It’s important to update your organization’s privacy notice to comply with GDPR, explaining in easy-to-understand language how you process personal data and how it applies data protection principles (articles 12, 13, and 14). If you are collecting data, you must display a privacy notice and include it on your website.
For CCPA and CPRA, it’s essential to inform consumers what information you are collecting or disclosing to other entities before the data is collected. Specifically, you must tell consumers what categories of information you’re collecting—i.e., physical addresses, financial information, and even sleep habits—and if it’s not included in your privacy policy, you can’t collect it.
You must disclose if you plan to sell information to a third party, including categories of information, and identify who is receiving the information. Furthermore, you must ensure your website allows users to opt out of having their data sold and let consumers exercise their rights to correct, limit or delete Sensitive Personal Information (SPI) as defined in CPRA.
You will need internal data governance measures, such as creating a records retention schedule, that uses personal information only for the reasons disclosed and keeps personal information as long as necessary for records retention practices.
Additionally, consumers have the right to access their information and request the deletion of information from your systems, which you must do within 45 days. To comply with the requests, establish governance policies to authenticate the consumer and designate the original data source.
Perhaps most importantly, according to GDPR, you must secure your customer data (article 32). CCPA and CPRA give consumers even more control. California businesses have a significantly increased risk of massive fines and penalties for even a tiny breach of private data.
Data breaches continue to climb, and the burden of security and reporting breaches is on the company. So, it’s now more important than ever to secure paper documents and protect your business from data theft.
Sort, label, and create a searchable inventory that you can access quickly and securely. You can use these six Dewey Decimal fundamentals to help you store and find your files. In addition, if you index your files, you will be able to meet many of the consumer privacy requirements.
The chain of custody keeps tabs on every document over its lifecycle. It tracks every file’s whereabouts and indexed information. Under GDPR, you must maintain records of processing activities (ROPA), which are internal records containing information on all personal data processing activities carried out by your organization (article 30).
For CCPA and CPRA, the chain of custody is critical for locating consumer data and deleting it. In addition, ensure you can track whether data was sold or transferred to a third party, collected more than 12 months ago, or purchased from a third party.
Consumer privacy continues to evolve, so it’s important for teams managing any personal data to understand their role in compliance. Implement education and training policies within your company to ensure compliance with all requirements for records management.
While there are no specific training guidelines provided, GDPR advises the DPO of your organization to spearhead awareness and training of any staff members that manage personal data (article 39). For CCPA and CPRA, any employee involved in implementing, managing, or overseeing compliance with the CCPA and CPRA should receive training. Check out this 5-Step Guide for CPRA Training (also helpful for CCPA) and these helpful training tips for record retention.
There are certain situations that may call for partnering with external teams to help:
When you’re ready, we’ll get you started.