Documentation retention – crucial for compliance

All businesses must keep personnel and financial records in order to run efficiently and comply with statutory requirements. The type of record determines how long it must be kept. It is wise for any business to create a data retention policy (also known as a records management policy or document retention policy) describing how it expects to manage data, from creation through to disposal. A document retention policy and retention schedule can also help a controller to demonstrate its compliance with UK GDPR and the Data Protection Act 2018.

Key points to remember:

  1. All records must be kept in accordance with data protection laws. Extra care should be taken with ‘special categories of personal data’, i.e. data relating to a data subject’s racial or ethnic origin, political opinions, health, sex life and sexual orientation, or criminal records.
  2. Businesses collecting personal data must register with the Information Commissioner’s Office.
  3. You are not required to keep the original of all documents – copies can be stored but they must be stored in writing, including in electronic format.
  4. When records are erased or destroyed, this must be done securely.

For a full list of documents which SMEs need to retain, download the list in the guide below.