One Size will NOT fit all…
Having a robust Retention Policy and Retention Schedule is key toward your GDPR compliance. You can only retain personal data for as long as it is needed for the purpose for which it was collected, or to comply with a legal obligation. As such, you will need a mechanism to allow you to think how long data will be retained for and what will happen to it when the retention period expires
This document template is a generic template that you will need to edit – but it gives you a framework to build upon. All staff need to be aware of this policy so that personal data is not retained either for longer than it should be, or somewhere it shouldn’t be.
Simply amend to include your header, footer, logo and some other key pieces of information (such as contact details etc.) you may also have to delete sections that are NOT relevant to your business. You may also need to refer to any regulatory bodies or organisations to whom you report or are members of to get further guidance on ‘best business practice’ for the retention of certain data sets, i.e. HMRC or FCA for financial information, CIPD for personnel records etc. The current schedule on the document is for guidance only and accurate at the time of distribution.