T-000005 – Retention and deletion
IT and Finance department required
1. How long do you keep personal data for? Attach retention policy. This will vary for different types of personal data, refer to data assets where this has been specified.
2. Time justification – what is your justification for keeping data for this length of time? Eg. HMRC guidelines /companies house guidelines. Refer to data assets.
3. Data deletion process – processes for deleting data? Attach a retention / disposal policy.
4. Data retention – need clear policy and process for implementing. Attach retention policy use data assets / reminders and tickets to adhere to the policy. Refer to data assets with reminders for checking / updating and removing data from systems in line with your policy.
5. Data treatment – if keeping data for long periods of time, how do you anonymise / encrypt data so that personal data is not recognisable? If this is something your business needs to do, how is it done?