Data Retention Policy

Page
The Data Retention Policy should be read in conjunction with the following Data Processing Principles:
Personal Data should be processed lawfully, fairly and in a transparent manner in relation to the data subject.
It should be collected for specific, explicit, and legitimate purposes.
It should not be further processed in a manner that is incompatible with those purposes.
Personal Data should be kept in a form which permits identification of the data subject.
For no longer than is necessary
And for the purposes for which the personal data is processed.
Personal data should be adequate, relevant, and limited to what is necessary for the purpose for which it is processed. This requires, in particular, ensuring that the period for which the personal data are stored is limited to a strict minimum.
Every reasonable step should be taken to ensure that personal data which is inaccurate is rectified or deleted.
Personal Data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
Personal data may be stored for longer periods insofar as it will be processed solely for:
Archiving purposes in the public interest.
Archiving for scientific, historical research, or statistical analysis.

 


1.0 Introduction and Background
1.1 This Data Retention Schedule attempts to identify processes which records support, rather than identifying individual types of records. This is for two reasons:
1.1.1 to make the retention period apply to all records independent of any format i.e. the same rules apply to a paper file, an e-mail, or another electronic document / digital file; and
1.1.2 to allow flexibility in developing the schedule to cover new processes and amend existing ones over time.
1.2 The Data Retention Schedule is intended to cover the lifecycle of records and information from creation through to destruction or permanent preservation.
1.3 Records intended for destruction under the Data Retention Schedule may be destroyed in accordance with the provisions of this schedule. Backup copies stored on alternative media (server/microfilm/paper) should also be destroyed. Typical methods to destroy electronic records, which include holding media such as optical, magnetic, and solid-state storage, include overwriting, degaussing and physical destruction. A record of data destruction shall be maintained and held as a permanent record. This is vital to ensure compliance with the requirements of data protection laws.
2.0  Limitation of Scope
2.1 Very few types of records have specified time periods for retention in law or in official government guidance. Where such advice exists, it is included in this Data Retention Schedule. Where advice does not exist, the Diocese as the Data Controller will decide how long records are to be retained.
3.0  Objectives of the Retention Guidelines
3.1 The aims of the Data Retention Schedule are to:
3.1.1 prevent the premature destruction of records that need to be retained for a specified period to satisfy legal, financial, and other requirements of public administration.
3.1.2 provide consistency for the destruction of those records not required permanently after specified periods in order to reduce the costs of unnecessary storage.
3.1.3 promote improved records management practices within the Diocese which gives confidence that when information is destroyed it is done so according to well-considered rules.
3.1.4 create space following procedures to ensure the timely destruction of records.
3.1.5 assist in identifying records that should be preserved permanently as part of the Diocesan Archive; and
3.1.6 assist in identifying what data (as opposed to what documents) should be retained to ensure that the principle of data minimisation is adhered to.
3.2 Responsibility
3.2.1 It is the responsibility of all staff, clergy, and volunteers to follow the guidance provided in the Data Retention Schedule and to ensure that proper records management practices are implemented.
3.3 Destruction of Records
3.3.1 Whenever there is the possibility of litigation, the records and information that are likely to be affected should not be amended or disposed of until the threat of litigation has been removed.
3.3.2

Records that are currently (or likely to be in the future) the subject of a request or appeal under data protection laws must not be destroyed until that request or appeal has been completed.

3.3.3

Destruction should be carried out in a secure manner utilising the expertise of external waste management and document destruction providers where appropriate, as well as ensuring that redundant or discarded IT equipment is securely wiped or destroyed.

4.0 General and Miscellaneous Records
4.1 There are some records that do not need to be kept at all, which may be routinely destroyed. However, this Data Retention Schedule must still contain reference and instructions referring to them.
4.2 This usually applies to information that is duplicated, unimportant or only of short-term value. Unimportant records or information include:
4.2.1 ‘with compliments’ slips.
4.2.2 printed catalogues and trade journals.
4.2.3 telephone message slips.
4.2.4 non-acceptance of invitations.
4.2.5 trivial electronic mail messages or notes that are not related to Diocesan or parish business.
4.2.6 requests for stock information.
4.2.7 out-of-date distribution lists.
4.3 Duplicated and superseded material such as manuals, drafts, forms, address books and reference copies of annual reports may be destroyed under this rule. Electronic copies of documents where a hard copy has been printed and filed, and paper faxes after making and filing a photocopy, are also covered.
5.0  Reviewing the Schedule
5.1 This schedule will be regularly reviewed by the Diocesan Chancery and updated to ensure that the Diocese is complying with the latest legal advice.
6.0  Diocesan and Parish Retention Guidelines
6.1 The retention schedule below is structured according to Diocesan and Parish functions:
7.0  Your Rights
7.1 You have rights in respect of the Personal Data you provide to us. In particular:

 

Diocesan Retention Period
Chancery
– Clergy records/files
– Marriage Registers
– ‘Briefer Process’ Annulments
– UK Visa & Immigration Records
– GDPR: – Subject Access Requests
.
Archive/historical record
Archive/historical record
Archive/historical record
Three years
Five years
Finance
– Payroll – Tax Data/P45’s
– Annual budgets
– OSCR
– Bank statements
– Invoices/payments
– Gift Aid records
.
six years + current year
six years + current year
six years + current year
six years + current year
six years + current year
six years + current year
Administration
– Episcopal correspondence
– Parish Census
– Diocesan Statistics
– Minutes of Fabric Committee
– Minutes of Finance Committee
– Minutes of Management committee
.
Archive/historical record
Archive/historical record
Archive/historical record
Archive/historical record
Archive/historical record
Archive/historical record
Safeguarding
– Case files
– DSAT Minutes
– PVG records/safeguarding database
.
Archive/historical record
Archive/historical record
Reviewed annually & updated or deleted
Parish Retention Period
Finance
– Payroll – Tax Data/P45’s
– Annual budgets
– Bank statements
– Invoices/payments
– Gift Aid records
.
six years + current year
six years + current year
six years + current year
six years + current year
six years + current year
Administration
– Parishioner contact details
.
– Marriage Registers
– Baptism/Confirmation Registers
– Marriage Archives
– Minutes of Parish Council
– Minutes of Finance/Fabric Committee
.
Reviewed annually & updated or deleted
Archive/historical record
Archive/historical record
.
Archive/historical record
Archive/historical record
Archive/historical record
Safeguarding
– Volunteer records
.
Reviewed annually & updated or deleted