Data retention policy

Price:  £45.00(Inc. 20% VAT)(£37.50 Exc. VAT)

This policy sets our the procedures of an organisation with respect to data archiving, retention and deletion.


This document helps organisations to systematise their policies and procedures with regards to the deletion and archiving of information, including both electronic and manual records

The motive behind the creation of many retention policies is the General Data Protection Regulation (GDPR), which regulates the processing of personal data. However, because in practice personal and non-personal data are not easily separable, this template covers both.

The relevant data will have to be categorised in order for the policy to be used effectively. Although this policy includes a set of proposed categories, it is advisable to adjust the categorisation scheme to the relevant organisation.

Under the GDPR, personal data should only be retained by an organisation for so long as necessary for particular and lawful purposes. However, the duration of data retention will be influenced by other legal requirements: many pieces of legislation require that data be retained for minimum periods. When determining retention periods, the possibility that data will be needed to pursue or defend legal matters should also be considered. Limitations periods will be relevant here.

Because the applicable data retention periods will differ substantially from one institution to another, this policy does not suggest particular periods; instead, it provides the structure for defining those periods.

Where an organisation acts as a controller with regards to personal data, then the organisation will need to directly disclose information to data subjects the retention periods or the way they are calculated - usually by way of a privacy policy or data protection information notice.

This is a management-level policy and is not designed to be part of staff handbook.

MAIN BODY OF POLICY

  1. Introduction
  2. Definitions
  3. Data retention, archiving and deletion
  4. Data subject to contractual deletion obligations
  5. Default archiving and deletion methods
  6. Reviewing and updating this policy

SCHEDULE (DATA RETENTION PERIODS)

  1. Introduction
  2. Permanent data: retention and archiving
  3. Corporate data: retention, archiving and deletion
  4. Accounting data: retention, archiving and deletion
  5. Payroll data: retention, archiving and deletion
  6. Health data: retention, archiving and deletion
  7. Employee data: retention, archiving and deletion
  8. Property data: retention, archiving and deletion
  9. Intellectual property data: retention, archiving and deletion
  10. Insurance data: retention, archiving and deletion
  11. Contract data: retention, archiving and deletion
  12. Supplier data: retention, archiving and deletion
  13. Customer data: retention, archiving and deletion
  14. Service data: retention, archiving and deletion
  15. Electronic communications data: retention, archiving and deletion
  16. Residual data: retention, archiving and deletion

This template is supplied in Word (.doc) format and is 27 pages long, including 5 pages of guidance notes.

A copy of this data retention policy is included in the following pack:


Customers who bought this item also bought: