Skip to Content

GDPR data retention policy with schedule

GDPR - DATA RETENTION POLICY WITH SCHEDULE

This is the Data Retention Policy of [GivEnergy].

Introduction

We recognise that in the running of our business, we collect and process personal data from a variety of sources. This personal information is collated in several different formats including letters, emails, legal documents, employment records, operations records, images and statements. The personal data is held in both hard copy and electronic form.

Aims of the policy

Our business will ensure that personal data that we hold is kept secure and that it is held for no longer than is necessary for the purposes for which it is being processed. In addition, we will retain the minimum amount of information to fulfill our statutory obligations and the provision of goods or/and services - as required by the data protection legislation, including the General Data Protection Regulation (GDPR).

Retention

This retention policy (with its schedule), is a tool used to assist us in making decisions on whether a particular document should be retained or disposed of. In addition, it takes account of the context within which the personal data is being processed and our business practices.

Decisions around retention and disposal should be taken in accordance with this policy.

Where a retention period of a specific document has expired, a review should always be carried out prior to the disposal of the document. This does not have to be time-consuming or complex. If a decision is reached to dispose of a document, careful consideration should be given to the method of disposal.

Responsibility

[Carl Pote] is responsible to keep this retention schedule up to date, to reflect changing business needs, new legislation, changing perceptions of risk management and new priorities for our business.

[Carl Pote] is responsible for determining (in accordance with this Policy) whether to retain or dispose of specific documents.

[Carl Pote] may delegate the operational aspect of this function to [Jason Osler].

[Carl Pote] should inform [Jason Osler] if in any doubt about minimum retention periods or if the retention of a document is necessary for a potential claim.

Disposal

We must ensure that personal data is securely disposed of when it’s no longer needed. This will reduce the risk that it will become inaccurate, out of date or irrelevant.

The method of disposal should be appropriate to the nature and sensitivity of the documents concerned and includes:

  • Non-Confidential records: place in waste paper bin for disposal
  • Confidential records: shred documents
  • Deletion of Computer Records
  • Transmission of records to an external body
  • Cloud storage

 

The table below contains the retention period that we have assigned to each type of record. This will be adhered to wherever possible, although it is recognised that there may be exceptional circumstances which require documents to be kept for either shorter or longer periods.

Exceptional circumstances should be reported to [Carl Pote] without delay.

Date created: [07/01/2021]

[Date of review: [07/07/2021]]

Appendix 1: Document retention schedule

Type of record

Retention period

Where is it stored?

Reason

Method of deletion

 

 

 

 

 

Employment records:

 

 

 

 

PAYE records

[3] years from end of fiscal year

[SPECIFY]

[i.e. Legal]

[SPECIFY]

Maternity and paternity pay records

[3] years from end of fiscal year

[SPECIFY]

[SPECIFY]

[SPECIFY]

Medical and health records

[30] years after employment ceases

[SPECIFY]

[SPECIFY]

[SPECIFY]

Unsuccessful candidates

[6 months] after last action

[SPECIFY]

 

[Legal]

[SPECIFY]

Accident report forms

[3] years after last action

[SPECIFY]

[i.e. Legal]

[SPECIFY]

Parental leave records

[5] years from birth of child

[SPECIFY]

[SPECIFY]

[SPECIFY]

Employment records: redundancy, equal opportunities; health & welfare records

[6] years after last action

[SPECIFY]

[SPECIFY]

[SPECIFY]

Employees that left the business: emergency contacts and bank account details

[i.e. Delete immediately after making final salary payment]

 

 

 

Pay & tax: pay deductions, tax forms, payroll, loans

[6] years after last action

[SPECIFY]

[SPECIFY]

[SPECIFY]

Records of formal disciplinary actions in employee file

[6] years after last action

[SPECIFY]

[SPECIFY]

[SPECIFY]

Records of formal grievances in employee file

[6] years after last action

[SPECIFY]

[i.e. Employment contract]

[SPECIFY]

Commercial contracts:

 

 

 

[SPECIFY]

Contracts with suppliers

[6] years after last action

[SPECIFY]

[Supply contract]

[SPECIFY]

Contracts signed as a deed

[12] years after last action

[SPECIFY]

[SPECIFY]

[SPECIFY]

Guarantees and indemnities

[i.e. state the term of the guarantee plus 6 years]

[SPECIFY]

[SPECIFY]

[SPECIFY]

Purchase orders and invoices

[7] years after last action

[SPECIFY]

[SPECIFY]

[SPECIFY]

 

Tax and Accounting Records:

 

 

 

[SPECIFY]

Tax returns

[10] years from end of fiscal year

[SPECIFY]

[i.e. Audit]

[SPECIFY]

Accounting & financial management information

[6] years from end of fiscal year

[SPECIFY]

[SPECIFY]

[SPECIFY]

Stock transfer forms and share certificates

[20] years from purchase

[SPECIFY]

[SPECIFY]

[SPECIFY]

Marketing records:

 

 

 

[SPECIFY]

Mailing lists

[1] year after last action

[SPECIFY]

[i.e. To assist with audit]

[SPECIFY]

Operational records:

 

 

 

[SPECIFY]

Vehicles

[i.e. Keep asset and depreciation records for 6 years after end of financial year to which they relate]

[SPECIFY]

[SPECIFY]

[SPECIFY]

Closed circuit television recordings

[i.e. Destroy 4 weeks from the date recorded except where required as evidence]

[SPECIFY]

[SPECIFY]

[SPECIFY]

Fire Risk Assessments

[i.e. Retain until superseded]

[SPECIFY]

[SPECIFY]

[SPECIFY]

Policies/Procedures

[7] years

 

[SPECIFY]

[SPECIFY]

Complaints

[6] years from end of fiscal year

[SPECIFY]

[SPECIFY]

[SPECIFY]

Building (i.e. lease/deeds)

[i.e. Destroy 6 years after property is no longer occupied]

[SPECIFY]

[SPECIFY]

[SPECIFY]

Maintenance contracts

[15] years from last action

[SPECIFY]

[SPECIFY]

[SPECIFY]

Website FAQs

[6] months from last action

[SPECIFY]

[i.e. Issue is generally resolved upon response]

[SPECIFY]

Property plans and surveys

[25] years

[SPECIFY]

[SPECIFY]

[SPECIFY]

Insurance schedules

[10] years after last action

[SPECIFY]

[SPECIFY]

[SPECIFY]

Pat tests, fire hazard tests

[6] years from last action

[SPECIFY]

[SPECIFY]

[SPECIFY]

Register of members

Life of company

[SPECIFY]

[SPECIFY]

[SPECIFY]

Memorandum of association

Life of company

[SPECIFY]

[SPECIFY]

[SPECIFY]

Register of directors and secretaries

Life of company

[SPECIFY]

[SPECIFY]

[SPECIFY]

Employer’s liability insurance certificates

Life of company

[SPECIFY]

[SPECIFY]

[SPECIFY]

Intellectual property records:

 

 

 

[SPECIFY]

Copyright material

50 years from expiry

[SPECIFY]

[SPECIFY]

[SPECIFY]

Email records:

 

 

 

 

Email correspondence

[Archive emails after 6 months]

[SPECIFY]

[SPECIFY]

[Archive – explain the tool you use etc]