The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Retention schedule

You have an appropriate retention schedule outlining storage periods for all personal data, which you review regularly.

Ways to meet our expectations:

  • You have a retention schedule based on business need with reference to statutory requirements and other principles (for example the National Archives).
  • The schedule provides sufficient information to identify all records and to implement disposal decisions in line with the schedule.
  • You assign responsibilities to make sure that staff adhere to the schedule and you review it regularly.
  • You regularly review retained data to identify opportunities for minimisation, pseudonymisation or anonymisation and you document this in the schedule.

 Can you answer yes to the following questions?

  • Are staff aware of the retention schedule?
  • Do they adhere to it?
  • Could staff explain what their responsibilities are and how they carry them out effectively?