Scribd
Upload
73 views

DP 02 Data Retention Policy Sample - Redacted

This data retention policy outlines guidelines for retaining company records and personal data. It specifies retention periods for different types of data based on legal and business needs. The policy aims to comply with data protection laws by limiting storage of personal data. Records will be reviewed periodically and destroyed after their retention period unless needed for litigation or ongoing business purposes. Compliance is measured and exceptions must be approved to ensure the protection of personal data.

Uploaded by

howthowar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
73 views

DP 02 Data Retention Policy Sample - Redacted

This data retention policy outlines guidelines for retaining company records and personal data. It specifies retention periods for different types of data based on legal and business needs. The policy aims to comply with data protection laws by limiting storage of personal data. Records will be reviewed periodically and destroyed after their retention period unless needed for litigation or ongoing business purposes. Compliance is measured and exceptions must be approved to ensure the protection of personal data.

Uploaded by

howthowar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

DATA RETENTION POLICY

Version: [Version Number] Classification: Internal

[Company]

DATA RETENTION

POLICY

Retention of Information

Last Reviewed: [Last Reviewed] Page 1 of 8

Document Owner: [Document Owner]


DATA RETENTION POLICY

Version: [Version Number] Classification: Internal

2 Document Contents Page

1 Document Version Control ................................................................................... 2

2 Document Contents Page .................................................................................... 3

3 Data Retention Policy .......................................................................................... 5

3.1 Purpose ........................................................................................................ 5

3.2 Scope ............................................................................................................ 5

3.3 Principle ........................................................................................................ 5

3.4 Agreement of Retention Periods ................................................................... 6

3.5 Record of Retention Periods ......................................................................... 6

3.6 Expiry of Retention Period ............................................................................ 6

3.7 Suspension of Record Disposal in the event of litigation or claims .............. 7

4 Policy Compliance ............................................................................................... 8

4.1 Compliance Measurement .......................................................................... 8

4.2 Exceptions .................................................................................................. 8

4.3 Non-Compliance ......................................................................................... 8

Last Reviewed: [Last Reviewed] Page 3 of 8

Document Owner: [Document Owner]


DATA RETENTION POLICY

Version: [Version Number] Classification: Internal

4.4 Continual Improvement ................................................................................. 8

Last Reviewed: [Last Reviewed] Page 4 of 8

Document Owner: [Document Owner]


DATA RETENTION POLICY

Version: [Version Number] Classification: Internal

3 Data Retention Policy

3.1 Purpose

The purpose of this policy is to ensure that necessary records, documents, and

information of the company containing personal data are retained for no longer than

necessary for the purposes for which personal data are processed.

3.2 Scope

All employees and third-party users.

Personal Data as defined by GDPR.

3.3 Principle

The GDPR principle of Data Storage Limitation for personal data.

Last Reviewed: [Last Reviewed] Page 5 of 8

Document Owner: [Document Owner]


DATA RETENTION POLICY

Version: [Version Number] Classification: Internal

3.4 Agreement of Retention Periods

The relevant owners of the documentation as detailed in the asset register are

responsible for agreeing the data retention periods in line with legal, regulatory, and

business requirements.

Data retention periods are approved by legal counsel.

3.5 Record of Retention Periods

Retention periods are recorded in the Data Asset Register. Additional detail is

contained where applicable and appropriate in the Record of Processing Activities and

the Asset Register.

3.6 Expiry of Retention Period

When the retention target is reached, the information will be reviewed by relevant

owners of the documentation as detailed in the asset register to confirm that the

information is to be further retained or destroyed. It will be destroyed in line with the

Information Classification and Handling Policy if there is no further business, statutory

or historical reason to keep them or to select them for re review at a later date; either

because the business need is ongoing or because of potential historical value.

Last Reviewed: [Last Reviewed] Page 6 of 8

Document Owner: [Document Owner]


DATA RETENTION POLICY

Version: [Version Number] Classification: Internal

3.7 Suspension of Record Disposal in the event of litigation or

claims

Last Reviewed: [Last Reviewed] Page 7 of 8

Document Owner: [Document Owner]


DATA RETENTION POLICY

Version: [Version Number] Classification: Internal

4 Policy Compliance

4.1 Compliance Measurement

The information security management team will verify compliance to this policy

through various methods, including but not limited to, business tool reports, internal

and external audits, and feedback to the policy owner.

4.2 Exceptions

Any exception to the policy must be approved and recorded by the Information

Security Manager in advance and reported to the Management Review Team.

4.3 Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action,

up to and including termination of employment.

4.4 Continual Improvement

The policy is updated and reviewed as part of the continual improvement process.

Last Reviewed: [Last Reviewed] Page 8 of 8

Document Owner: [Document Owner]

You might also like