Data Retention & Data Protection Policies
Our GDPR updates continue this month with the addition of an all-new Data Retention Policy template and updates to our GDPR-compatible Data Protection Policy templates. These documents and more can be found in our all-new GDPR & Data Protection Group.
New Data Retention Policy
The GDPR places important controls on the retention of personal data. Once you have cleared the many hurdles to collecting and processing it in the first place, further rules govern how long you can keep it.
Personal data must not be retained for any longer than is necessary in light of the purpose or purposes for which it was originally obtained. Not only that, but individuals have various grounds on which they can require you to delete or otherwise dispose of any personal data you hold about them (often referred to as “the right to be forgotten”).
Not only does minimising data retention help to bolster your GDPR compliance, but it can also pay dividends when it comes to business efficiency. The less data you hold on to, the easier it is to find that which you still need, and the cheaper it will be to store everything.
Our new Data Retention Policy provides an overview of key legal principles set down by the GDPR, and – most importantly – sets out the limits that apply to your business’s retention of personal data, the criteria by which those limits are set, and the methods to be used when disposing of the data.
Updated Data Protection Policies
As a document subject to on-going review, our GDPR Data Protection Policy has received several updates including clearer provisions on technical data protection measures, new detail governing “special category” personal data (formerly known as “sensitive personal data” under the Data Protection Act), and adjustments and cross references to our new Data Retention Policy.
The “Employee version” of our Data Protection Policy has now also received the GDPR treatment and, in addition to being available in the Employment document folder, is also available in the new Business GDPR & Data Protection Group.
More to Come!
The GDPR edges ever closer and we still have more in store. Next month will see the publication of our Data Protection Impact Assessment – an essential ingredient in the “Privacy by Design” approach championed by the GDPR. Also look out for our new Subject Access Request toolkit to assist both data subjects and businesses in making and handling data subject access requests.
The contents of this Newsletter are for reference purposes only and do not constitute legal advice. Independent legal advice should be sought in relation to any specific legal matter.