Introduction

This Retention (“Policy”) applies to System People Ltd.

This Policy covers all electronic records.
For the purpose of this Policy, the terms ‘document’ and ‘records’ refer to electronic formats.

In certain circumstances it will be necessary to retain specific records in order to fulfil statutory or regulatory requirements and to meet operational needs. Any retention of specific records should be retained under the retention period specified in Retention of Records Schedule 1 and Retention of Digital Records Schedule 2.

Scope

System People is bound by various obligations with regard to how electronic data is retained. These obligations include the period of retention for Documentation and when and how this Documentation is disposed.
Article 5 of GDPR provides “personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed”. The purpose of this Policy is to ensure that necessary records, documents and electronic data of System People are adequately protected, archived and disposed of at the correct retention period, and to provide all staff with clear instructions regarding the appropriate retention and disposal of Documentation.

Legal Obligation

  • General Data Protection Regulation (GDPR)
  • Data Protection Act 1998 (DPA)
  • Freedom of Information Act 2000 (FOI)
  • Limitation Act 1980
  • Companies Act 2006
  • The Waste Electric and Electronic Equipment Regulations 2013

Retention Procedure

All decisions relating to the retention and disposal of Documents should be taken in accordance with this Policy, in particular;
Schedule 1 – Retention of Digital Records – Provides the required retention periods for all digital Documents.
In circumstances where a retention period of a specific document has expired, a review should always be carried out prior to a decision being made to dispose of the record.

Retention of Encrypted Data

Any information retained under this Policy that is in an encrypted format, consideration must be taken for the secure storage of any encryption keys. Encryption keys must be retained as long as the data that the keys decrypt is retained.

Retention of Digital Data

All email files are retained in Outlook for 5 years. Client information is stored in sharepoint retained for 5 years.
The process for accessing stored electronic data is through a unique log-in, only possessed by System People employee

Archiving and Retention of Documentation

Archiving is defined as the process by which inactive data, in any format is securely stored for long periods of time in accordance with a retention schedule.
Archived data is kept securely in a separate drive on the server which is only accessible by password allocated to named staff.

Disposal of Records

Any record containing confidential information must either be disposed by using dedicated shredding software.
Disposal of data that does not contain confidential information may be disposed of by normal deletion.
Records of disposal should be maintained by each department and should detail as a minimum the document or information disposed of, the date of disposal.
Disposal of Electrical Hardware

IT equipment and devices that have the ability and capability to store personal data include:

  • PCs
  • Laptops
  • Mobile Phones
  • Multi-Functional Devices E.g. Printer, Scanner
  •  Servers
  • USB Memory Stick/External Hard Drive

IT equipment disposal must be managed so that local machine hardrives are deleted by dedicated shredding software.
All computer equipment, recycling or refurbishing must be disposed of in accordance with the Waste Electric and Electronic Equipment Regulations 2013.

Document Owner

The Manging Director is the owner of this Document and is responsible for ensuring that this Policy is reviewed in line with the review requirements of GDPR.

Schedule 1 – Retention of Digital Records Schedule

Record Type Retention Period Retention Justification Operating System Application/Hardware Requirement Disposal Method
Email 5 Years Legitimate Interest Outlook Server/Office PC/Laptop Auto Delete
Client Records ESF 9 Years Contract Sharepoint Server/Office PC/Laptop Manual Review and Deletion
Client Information 3 Years Consent/Legitimate Interest Sharepoint Server/Office PC/Laptop Manual Review and Deletion
Personnel Records 7 Years Legitimate Interest/Legal Obligation SharePoint Server/Office PC/Laptop Manual Review and Deletion

"We find the team at SP Training to be highly experienced, knowledgeable and a pleasure to deal with. Their understanding of our training needs and the logistics sector in general is second to none. With an innovative and flexible approach to our requirements this makes them an ideal business partner and our training provider of choice."

Neil Robinson, Director – Tyson H. Burridge

Subscribe for our latest offers and updates