GC processes and stores large amounts of data, including personal data, confidential data and non-confidential data. This data is stored in both hard copy form and cloud-based storage.
Storing data for long periods of time can impact the business in several ways, for example costs of paper-based archive solutions, cost of cloud-based storage solutions and the legal implications of storing personal data for longer than is required. The UK GDPR states that personal data should not be held longer than is necessary and non-compliance can result in fines from the Information Commissioner’s Office (ICO).
The data we hold may have retention periods defined by the contract it relates to, however not all data we hold is contract specific.
In order to help identify the correct retention period for your data, a GC Group Retention and Destruction Policy is available on Sharepoint. If you need further information on how long your documents are required to be retained, please speak to the contract manager or your Data Lead.
What do I need to do?
All colleagues are required to review their OneDrives, shared drives, email and hard copy files (including archive files) and delete/destroy documents that are no longer required.
Please set time aside each week for this initial data cleanse and then ensure regular reviews are conducted of all storage locations.
What is Personal Data:
Things to think about:
Documents that contain personal data - CVs, client lists, contact lists, photographs – are these required, are they saved elsewhere?
Email – this should not be used as additional storage. Documents should be saved in the appropriate folders.
Email habits – get into the habit of deleting/filing emails. Delete emails which are not important such as arranging of meetings. Delete accept/decline/tentative responses as soon as received. Don’t copy yourself in to emails you send, this is duplicating storage. Delete any marketing emails from external sources which are not relevant to you or report them as junk, they will be removed from your inbox and put in your junk folder.
OneDrive – ensure you are not retaining any documents that are no longer needed. For example, CV’s from a recruitment drive, these will be held by HR and should not be retained by you.
Shared drives – is the data held here still required? Do you have multiple draft versions of a document which can now be deleted?
Contract specific documents – these need to be retained in line with the retention period stated in the contract, if you are unsure, please refer to the contract or check with the contract manager. Ensure all documents are saved in the correct contract folders on the U drive rather than stored in OneDrives or email.
Data in archive – review archive lists and destroy boxes that are no longer needed or have reached their destruction date. Ensure data held in archive has the correct destruction date and isn’t being held longer than necessary.