Data Retention Strategy & Policy
TechB – Technology for Business is committed to protecting and respecting your privacy. TechB – Technology for Business Ltd is currently registered under the Data Protection Act 1998, for further information please visit the Information Commissioners Website at www.ico.org.uk.
For the purpose of the Data Protection Act 1998 and the General Data Protection Regulation (the “Act”), in certain instances the data controller is dependent on the given activity and use of the information obtained and will be TechB – Technology for Business Ltd (of 18 Batten Road, Downton Business Centre, Salisbury, SP5 3HU). If you have any questions regarding this Policy you should contact TechB in the first instance via [email protected] or to the following address:
The Data Protection Office
TechB – Technology for Business
18 Batten Road
Downton Business Centre
Salisbury, SP5 3HU
Information and data is one of TechB’s key corporate assets. In the course of carrying out its’ various functions, TechB accumulates information from both individuals and external organisations. TechB also generates a wide range of data, which is recorded in documents and records. TechB strives to maintain data in accordance with the Act.
These documents and records are in several different formats, examples of which include, (but are not limited to) communications such as letters, emails and attendance notes; financial information including invoices, statements and reports; legal documents such as contracts; and information relating to vendors, applicants, buyers and other individuals taking an interest in our IT services.
For the purposes of this Policy, the terms ‘document’, ‘data’ and ‘records’ include information in both hard copy and electronic form.
In certain circumstances, it will be necessary to retain specific documents in order to fulfil statutory or regulatory requirements and also to meet justifiable operational needs. Document retention may also be useful to evidence events or agreements in the case of disputes, and also to preserve information which has historic value. TechB has developed this Policy with the intention of benefitting TechB and the data subjects to strike a careful balance between legal obligations, operational efficiency and retention of data for periods which are reasonable and appropriate in the circumstances.
TechB will retain some data and forms of information for longer than others. In line with principle 5 of the Act, information is not sought to be kept longer than is necessary.
The retention of all documents and records is impractical and appropriate disposal forms an important aspect of this Policy. Disposal will assist TechB to maintain sufficient electronic and office storage space and will de-clutter office accommodation. TechB operates a “paper light” approach to hard copy documents with the majority of records being retained electronically rather than as hard copies where possible.
A table containing the intended retention period is given for each relevant data category. The retention period applies to all records in that category default, and will be adhered to wherever possible, although it is recognised by TechB that there may be exceptional circumstances which require documents to be kept for either shorter or longer periods. In addition, it should be noted that, in line with the Act and TechB’s obligation to implement appropriate physical and technical security measures, the data and information held by TechB electronically is regularly and periodically backed up. These back up copies are maintained indefinitely and in accordance with TechB’s Security Policy to ensure the consistency and stable framework upon which TechB operates its business. On this basis these back up copies are unaffected by the retention periods for each relevant data category which form part of this Policy. The data set which forms part of each backup copy will be unaffected by the retention periods and action taken in line with the retention periods as referred to below.
Retention periods also apply to all formats of records, i.e. paper and electronic, unless specifically stated otherwise.
The primary factors that inform decisions on retention are:
Services provided to our customers.
Provision of IT Solutions and associated activities.
Our experience of when retention of information and data is likely to be beneficial to the data subject as relevant to the specific services they seek from TechB.
Legislative and regulatory requirements – for example compliance with the fifth data protection principle. Where relevant legislation is listed.
Informed and express consent of the data subject.
In our experience, data subjects are often keen to consent to TechB maintaining data and information beyond the periods referred to as part of this Policy. The reason and justification for these extended periods of retention, by way of example, can include:
Provision of extended record keeping services.
Removing an administrative burden from data subjects.
Enabling an ease of operation between TechB and the data subject.
Maintaining an ongoing business relationship, which may be limited to matters such as a data subject’s ongoing interest primarily in IT security, beyond the periods maintained as part of the Policy.
It is therefore not unusual for data subjects to provide free and unambiguous consent to TechB to retain data beyond the periods forming part of this Policy.
Data Retention Schedule - Summary
1. Purpose of this document
A vital part of TechB’s Data Protection Policy and practice is for personal data to be retained for the appropriate period of time – neither too long nor too short. It is TechB’s policy to retain all information only for as long as specified in the Data Retention Schedule and, in general, no longer than two years plus the current year.
This document is a summary of the Data Retention Schedule, and gives an indication of the categories of personal data held by TechB and the basis on which TechB often retains data and information for longer than the two years stipulated in the Policy.
2. Current plus two-year rule
Personal data is not usually held for more than two years after it ceases to be current, unless there is a specific reason for doing so (see below for the specific categories requiring different retention periods). The definition of current will vary according to the personal data: for example, it will mean a service contract has completed, or until a member of staff has ceased being employed by TechB where it relates to staff.
The ‘current plus two years’ rule is a target period for retention. If there is no need to keep the personal data that long, then it may be disposed of securely before the two years’ time-limit. TechB will aim to assess and update data held in accordance with this Policy on a quarterly basis which means the two-year plus current rule will ultimately be subject to this quarterly variance.
3. Exceptions to the two-year rule
This section gives a guide to the categories which have legislation determining the length of time for which personal data within that category should be retained. An indication is given to the main section of the Data Retention Schedule dealing with this category.
|Category||Examples & Retention period|
Agendas and minutes of meetings
|Data Protection requests||
Current year plus six years
from 6 months to 75 years
|Health and Safety records||
Retention Schedule Up to 50 years
Given our experience of document and data retention, TechB operates a Policy where usually data is firstly archived. Archived data can then either become live data on the basis of repeated operation or alternatively can lead to deletion of the data after the periods of retention forming part of this Policy. Data which is archived is held on the following basis:
Once data has been archived this means it will not be actively used by TechB. Unless the data becomes current and/or the data subject requests such data to become current.
Once data becomes current again the two year plus current year rule will be reapplied to such data.
Data which has been archived and remains archived for the period set out in the table below will then be destroyed or anonymised.
Data Retention periods (Detailed)
|Data Category||Records Held (type of data)||Retention Timescale years||Purpose of Retention||Action Following Retention||Legal Basis/Relevant TechB Policy|
|Payroll Records||Current Tax Year + 6||Legal Compliance||Destroy||HMRC Policy|
|Time Sheets||Current Year + 2||Consistent with Policy||Destroy||HR Policy|
|Salary Details||Current Tax Year + 6||Legal Compliance||Destroy||HRMC Policy|
|Overtime Records||Date of Termination + 3||Consistent with Policy||Destroy||HR Policy|
|P45||Current Tax Year + 5||Legal Compliance||Destroy||Taxes Management Act 1970|
|P60 Lists||Previous Year + 2||Consistent with Policy||Destroy||HR Policy|
|Annual Accounts||Previous Year +2+ Archive||Consistent with Policy||Permanent||Finance Policy|
|Monthly Financial Statements||Current Year + 2||Consistent with Policy||Destroy||Finance Policy|
|Internal Audit Reports||Current Financial Year + 2||Consistent with Policy||Destroy||Finance Policy|
|External Audit Reports||Previous Year + 2 + Archive||Consistent with Policy||Permanent||Finance Policy|
|Tax Documentation||Current Financial Year + 5||Legal Compliance||Destroy||Value Added Tax Act 1994|
|VAT Administration||Current Tax Year + 5||Consistent with Policy||Destroy||Finance Policy|
|Cheque Reconciliations||Creation until after Audit then 6||Consistent with Policy||Destroy||Finance Policy|
|Travel/Staff Expenses, etc.||Current Year + 5||Consistent with Policy||Destroy||Finance Policy|
|BACS prints||Current Financial Year + 3||Consistent with Policy||Destroy||Finance Policy|
|Legal Costs||Current Financial Year + 5||Consistent with Policy||Destroy||Finance Policy|
|Invoices||Current Year + 5||Consistent with Policy||Destroy||Finance Policy|
|Orders||Current Year + 5||Consistent with Policy||Destroy||Finance Policy|
|Purchase Records||Current Tax Year + 5||Consistent with Policy||Destroy||Finance Policy|
|Current Staff Details||Retain and check currency||Legal Compliance||Retain||CIPD Recommendation|
|Former Staff Details||Date of Termination + 6||Legal Compliance||Destroy||CIPD Recommendation|
|Staff Career Development Reviews||Retain for current staff. Former staff Termination + 2||Consistent with Policy||Retain/Destroy||HR Policy|
|Attendance Records||Date of Termination + 4||Consistent with Policy||Destroy||HR Policy|
|Occupational Health Reports||Date of Termination + 4||Consistent with Policy||Destroy||HR Policy|
|Employee Counselling Returns||Date of Termination + 4||Consistent with Policy||Destroy||HR Policy|
|Exit Interview Forms||Date of Termination + 1||Consistent with Policy||Destroy||HR Policy|
|Employment Tribunal Records||Date of Termination + 1||Consistent with Policy||Destroy||HR Policy|
|Personal and Domestic Leave Requests||Date of Termination + 2||Consistent with Policy||Destroy||HR Policy|
|Declaration of Outside Employment||Date of Termination + 4||Consistent with Policy||Destroy||HR Policy|
|Holiday/Leave Registers||Date of Termination + 2||Consistent with Policy||Destroy||HR Policy|
|Pension Documents||Date of Termination + 6||Consistent with Policy||Destroy||HR Policy|
|References||Date of Termination + 3||Consistent with Policy||Destroy||HR Policy|
|Disclosure Certificates (clear)||Record Receipt Only||Consistent with Policy||Destroy||HR Policy|
|Disciplinary Records||Date of Termination + 1||Consistent with Policy||Destroy||HR Policy|
|Grievance Records||Date of Termination + 1||Consistent with Policy||Destroy||HR Policy|
|Agency Worker CV||Active + 1||Consistent with Policy||HR Policy|
|Data held on HR System||Date of Termination + 6||Consistent with Policy||Destroy||HR Policy|
|Maternity Leave Requests||Current Tax Year + 3||Consistent with Policy||Destroy||HR Policy|
|Flexible Working Requests||Date of Termination + 2||Consistent with Policy||Destroy||HR Policy|
|Personnel Files||Date of Termination + 6||Consistent with Policy||Destroy||HR Policy|
|Training Records||Date of Termination + 6||Consistent with Policy||Destroy||HR Policy|
|Redundancy Details||Active + 6||Consistent with Policy||Destroy||HR Policy|
|Recruitment Documents||6 months||Legal Compliance||Destroy||CIPD Recommendation|
|Previous Employment Details Related to||6 months||Legal Compliance||Destroy||CIPD Recommendation|
|Successful Post Applications||Transfer to staff file||Legal Compliance||Transfer to staff file||CIPD Recommendation|
|Unsuccessful Post Applications||1 Year||Legal Compliance||Destroy||CIPD Recommendation|
|Interview Notes||1 Year||Legal Compliance||Destroy||CIPD Recommendation|
|Bank Details||Current Tax Year + 5||Consistent with Policy||Destroy||HR Policy|
|Health and Safety|
|Health and Safety Reports||Current Year + 5||Consistent with Policy||Destroy||H&S Policy|
|Health and Safety Records||40 (COSHH)||Consistent with Policy||Archive||H&S Policy|
|Legal Documentation||Permanent||Consistent with Policy||Archive||H&S Policy|
|Risk Assessment Reports||Year of Assessment + 3||Legal Compliance||Destroy||Management of Health and Safety at Work Regulations 1992|
|Accident Book||4 years from date of last entry||Legal Compliance||Archive||Legislation|
|Health and Safety Correspondence||Current Year + 5||Legal Compliance||Destroy||Legislation|
|Safety Training Records||Current Year + 6||Legal Compliance||Destroy||Legislation|
|Fire Safety Certificates||Permanent||Legal Compliance||Archive||Legislation|
|Fire Risk Assessment and Fire Plans||Active||Legal Compliance||Archive||Legislation|
|PPE Maintenance and Examination||Current Financial Year + 5||Legal Compliance||Archive||Legislation|
|LEV Monitoring||Current Financial Year + 6||Legal Compliance||Archive||Legislation|
|Lifting Operations - Examinations||Active||Legal Compliance||Archive||Legislation|
|Fire Occurrence Records||Current Year + 5||Consistent with Policy||Destroy||H&S Policy|
|Insurance Policies||12 years||Legal Compliance||Hold in Safe||Legislation|
|Employers Liability Claims||Permanent||Legal Compliance||Archive||Legislation|
|Building Plans||Permanent||Consistent||Available||Property Policy|
|Resource Management||Current Financial Year + 2||Consistent with Policy||Destroy||Property Policy|
|Legal Documentation||Permanent||Consistent with Policy||Archive||Property Policy|
|Waste Transfer Notes||Current Financial Year + 2||Legal Compliance||Archive||Legislation|
|Waste Consignment Notes||Current Financial Year + 3||Legal Compliance||Archive||Legislation|
|Business Continuity Plan||Active||Consistent with Policy||Archive||Property Policy|
|Security Information||Current Year + 5 years||Consistent with Policy||Destroy||Property Policy|
|Leased Property Files||End of lease + 5 years||Consistent with Policy||Destroy||Property Policy|
|Property Files||Current Financial Year + 5||Consistent with Policy||Destroy||Property Policy|
|Job Files||Current Financial Year + 5||Consistent with Policy||Destroy||Property Policy|
|Leases||End of lease + 5 years||Consistent with Policy||Destroy||Property Policy|
|CCTV recordings||28 days||Consistent with Policy||Destroy unless legally required||CCTV Policy|
|Record Management||Record Retention Schedules||Active + 6 years||Consistent with Policy||Destroy||Record Management Policy|
|Promotional Material||Current Year + Archive||Consistent with Policy||Archive||Marketing Policy|
|Public Relations||Current Year + Archive||Consistent with Policy||Archive||Marketing Policy|
|Community Liaison||Current Year + Archive||Consistent with Policy||Archive||Marketing Policy|
|Press Cuttings||Current Year + Archive||Consistent with Policy||Archive||Marketing Policy|
|Functional Specifications||Active + 2||Consistent with Policy||Destroy||IT Policy|
|Current Technical Specifications||Active||Consistent with Policy||Destroy||IT Policy|
|Operating Logs||Active + 1||Consistent with Policy||Destroy||IT Policy|
|Security||Current||Consistent with Policy||Destroy||IT Policy|
|Security Incident Report||Current Year + 5||Consistent with Policy||Destroy||IT Policy|
|Emails||Active + 2||Consistent with Policy||Destroy||IT Policy|
|Scanning Log||Deleted after three months||Consistent with Policy||Destroy||IT Policy|
|Annual Report and Accounts||Permanent||Legal Compliance||Archive||Corporate Policy|
|Quarterly Reports||Current Financial Year + 5||Legal Compliance||Destroy||Corporate Policy|
|Policy Documents||Active + 5||Legal Compliance||Destroy||Corporate Policy|
|Board Committee Papers||Current Year + 5||Legal Compliance||Destroy||Corporate Policy|
|Board Minutes||Permanent||Legal Compliance||Destroy||Corporate Policy|
|General Correspondence||Current Year + 5||Legal Compliance||Destroy||Corporate Policy|
|SMT||Senior Management Team Minutes||Current Year + 5||Legal Compliance||Destroy||Corporate Policy|
|Senior Management Team Papers||Current Year + 5||Legal Compliance||Destroy||Corporate Policy|
Last updated 30 April 2018