Data retention policy

This management-level data retention policy should be used to codify the policies and procedures of an organisation in relation to the archiving and deletion of data. The driving force behind the adoption of many retention policies is the General Data Protection Regulation (GDPR), but the suggested drafting in this document covers non-personal as well as personal data.

To make effective use of this policy, you will need to categorise the data concerned. The policy includes some suggested categories, but the best categorisation scheme will vary from organisation to organisation. With respect to each category (and where applicable sub-category) of data, the following issues should be considered: (i) the periods for archiving the data; (ii) the methods of archiving the data; (iii) the periods for deleting/destroying the data; and (iv) the methods of deletion/destruction.

Under the GDPR, there are general obligations to minimise the processing of personal data and to retain personal data only for so long as necessary for the purpose or purposes for which it was collected. Data retention periods will, however, be affected by other legal requirements. For example, employment law and tax law both include minimum data retention requirements. There are also a range of sector-specific laws and codes of practice affecting data retention.

One general consideration when determining data retention periods (including archiving periods) is the possibility that data may be needed to pursue or defend legal proceedings. Limitation periods - the periods during which a claimant may pursue a claim following the accrual of that claim - are frequently relevant and often decisive when setting minimum retention periods.

Some categories of data will need special treatment. For example, data disclosed by third parties under confidentiality agreements will often be subject to specific contractual treatment rules. Similarly, personal data with respect to which the organisation is a processor (as opposed to a controller) will be subject, under a GDPR-compliant data processing agreement, to deletion obligations after the completion of the relevant services.

Because the appropriate data retention periods will vary significantly from organisation to organisation, this data retention policy does not suggest specific periods. Rather, it provides a framework for specifying those periods. Given the diversity and complexity of the issues affecting retention periods, you are likely (even if you are a lawyer) to need to take specialist legal advice on some or all aspects of retention periods when editing this data retention policy.

Where the organisation is acting as a controller in relation to personal data, then retention periods, or the basis of calculating retention periods, should also be disclosed directly to data subjects. Accordingly, you should review your organisation's privacy policies and data protection information notices once retention periods have been decided.

As this is a management-level policy, it is not designed to form part of a staff handbook.

Ask about this document

Data retention policy contents

Introduction: purpose of data retention policy; background to data retention policy.
Definitions: definitions (appointed person, deletion).
Data retention, archiving and deletion: obligation to archive and delete data; exceptions to data archiving periods; exceptions to data deletion periods; legal hold instructions.
Data subject to contractual deletion obligations: categories of data that are subject to contractual deletion obligations; deletion of confidential information; deletion of processed personal data; register of contractual deletion obligations.
Default archiving and deletion methods: default archiving methods; default deletion methods.
Reviewing and updating
this policy
: persons responsible for reviewing and updating
policy
; annual review of
policy
; ad hoc review of
policy
; matters to be considered during review of
policy
.

SCHEDULE 1 (DATA RETENTION PERIODS)

Introduction: Introduction to data deletion periods; order of precedence of sections in part.
Permanent data: retention and archiving: definition of permanent data; no deletion of permanent data; archiving periods for sub-categories of permanent data; archiving methods for permanent data.
Corporate data: retention, archiving and deletion: definition of corporate data; storage of corporate data; archiving periods for corporate data; archiving periods for sub-categories of corporate data; archiving methods for corporate data; deletion periods for corporate data; deletion periods for sub-categories of corporate data; deletion methods for corporate data.
Accounting data: retention, archiving and deletion: definition of accounting data; storage of accounting data; archiving periods for accounting data; archiving periods for sub-categories of accounting data; archiving methods for accounting data; deletion periods for accounting data; deletion periods for sub-categories of accounting data; deletion methods for accounting data.
Payroll data: retention, archiving and deletion: definition of payroll data; storage of payroll data; archiving periods for payroll data; archiving periods for sub-categories of payroll data; archiving methods for payroll data; deletion periods for payroll data; deletion periods for sub-categories of payroll data; deletion methods for payroll data.
Health data: retention, archiving and deletion: definition of health data; storage of health data; archiving periods for health data; archiving periods for sub-categories of health data; archiving methods for health data; deletion periods for health data; deletion periods for sub-categories of health data; deletion methods for health data.
Employee data: retention, archiving and deletion: definition of employee data; storage of employee data; archiving periods for employee data; archiving periods for sub-categories of employee data; archiving methods for employee data; deletion periods for employee data; deletion periods for sub-categories of employee data; deletion methods for employee data.
Property data: retention, archiving and deletion: definition of property data; storage of property data; archiving periods for property data; archiving periods for sub-categories of property data; archiving methods for property data; deletion periods for property data; deletion periods for sub-categories of property data; deletion methods for property data.
Intellectual property data: retention, archiving and deletion: definition of intellectual property data; storage of intellectual property data; archiving periods for intellectual property data; archiving periods for sub-categories of intellectual property data; archiving methods for intellectual property data; deletion periods for intellectual property data; deletion periods for sub-categories of intellectual property data; deletion methods for intellectual property data.
Insurance data: retention, archiving and deletion: definition of insurance data; storage of insurance data; archiving periods for insurance data; archiving periods for sub-categories of insurance data; archiving methods for insurance data; deletion periods for insurance data; deletion periods for sub-categories of insurance data; deletion methods for insurance data.
Contract data: retention, archiving and deletion: definition of contract data; storage of contract data; archiving periods for contract data; archiving periods for sub-categories of contract data; archiving methods for contract data; deletion periods for contract data; deletion periods for sub-categories of contract data; deletion methods for contract data.
Supplier data: retention, archiving and deletion: definition of supplier data; storage of supplier data; archiving periods for supplier data; archiving periods for sub-categories of supplier data; archiving methods for supplier data; deletion periods for supplier data; deletion periods for sub-categories of supplier data; deletion methods for supplier data.
Customer data: retention, archiving and deletion: definition of customer data; storage of customer data; archiving periods for customer data; archiving periods for sub-categories of customer data; archiving methods for customer data; deletion periods for customer data; deletion periods for sub-categories of customer data; deletion methods for customer data.
Service data: retention, archiving and deletion: definition of service data; storage of service data; archiving periods for service data; archiving periods for sub-categories of service data; archiving methods for service data; deletion periods for service data; deletion periods for sub-categories of service data; deletion methods for service data.
Electronic communications data: retention, archiving and deletion: definition of electronic communications data; storage of electronic communications data; archiving periods for electronic communications data; archiving periods for sub-categories of electronic communications data; archiving methods for electronic communications data; deletion periods for electronic communications data; deletion periods for sub-categories of electronic communications data; deletion methods for electronic communications data.
Residual data: retention, archiving and deletion: definition of residual data; storage of residual data; archiving periods for residual data; archiving periods for sub-categories of residual data; archiving methods for residual data; deletion periods for residual data; deletion periods for sub-categories of residual data; deletion methods for residual data.

Data retention policy document editor preview

This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.

This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.

Which licence should I choose?

Version	1.0
First published	22 Mar 2018
Last updated	23 Mar 2018
Law	English law and EU law
Language	English (UK)
^†Word count	6,563
^†Template pages	17

† These figures are approximations.

Data protection law Law of confidence Industry Policy

	Free licence	Standard licence	Extended licence	Professional licence
Number of document instances	1	1	5	25
Number of websites or digital products	1	1	5	25
Sub-licences permitted	None	1	5	25
Document licence period	No expiry	No expiry	No expiry	No expiry
Credit for Docular	Yes	No	No	No

Number of document instances

Document templates are the products available for sale on this website; whereas document instances are "clones" of the templates, which you can edit using Docular's online editor and export from the website.

We will update our document templates from time to time, but this will not affect your document instances. When you create a document instance, it will be based upon the latest version of the underlying document template at the time of creation of the instance, irrespective of your date of purchase.

You can save your document instance to our servers at any time, and return to editing later. Once you are happy with your editing, you can export the document and save it to your computer.

Number of websites or digital products

The licences include numerical limits upon: (a) the number of websites (including cloud services) on which documents may be published; and (b) the number of digital products (such as software programs) with which documents may be distributed.

Sub-licences permitted

All of our paid licences allow you to sub-license to a client of yours the right to use a document created using Docular.

When you sub-license that right, it becomes attached to the particular client. The number of sub-licences you may grant is numerically limited and, again, the limitation corresponds to the document instance limitation.

Document licence period

This is the period of the licence to use documents created using and exported from the Docular online editor. In short, the licences do not expire. There are no ongoing licence fees.

Credit for Docular

Each free template includes a textual credit for Docular (eg "this document was created using Docular") and you must retain that credit in all versions of the document.

Legal T&Cs

For full details of the licensing rules governing the use of Docular templates, instances and exports, see our terms and conditions.

Data retention policy

Data retention policy contents

Related documents