GDPR Focus: Retention of Personal Information

Have you considered how long you should be retaining data in your organisation? There are strict rules around this, and every organisation is different. The GDPR states that everyone responsible for using personal data must follow 6 'data protection principles', and two of these rules, highlighted below, relate to retention.

These principles detail that information is:

  1. Used fairly, lawfully, and transparently.
  2. Used specifically, for explicit purposes.
  3. Used in a way that is adequate, relevant and limited to only what is necessary.
  4. Accurate and, when necessary, kept up to date.
  5. Kept for no longer than is necessary.
  6. Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

The data protection provisions apply to manual files as they do to electronic information. There are additional and stricter controls on the processing of ‘sensitive personal data’, such as data from which a subject’s racial group can be identified.

Do you know how long you should be storing your client data for and does this match what is happening?

The British Security Industry Association have a useful guide that breaks down how long different company records should be retained: https://www.bsia.co.uk/

If you have any concerns about backing up and retaining your digital records, please contact JTec IT Ltd. We will make sure that your electronic back-ups are fit for purpose, that you are operating within the law, and that you are mitigating identity fraud and corporate identity theft. #itstorage #itsupport #bsia
