02.14 – Data Storage, Retention and Disposal

<<organisation name>> complies with GDPR/GDPR and other relevant local laws, standards and guidelines regulating the retention and destruction of personal data, documents and information. As such, <<organisation name>> shall not keep personal data in a form that can identify data subjects for a longer than is necessary, in relation to the purpose(s) for which the data was originally collected.

The retention period for each category of personal data is set out in the Retention of Records Schedule along with the criteria used to determine this period including any statutory obligations <<organisation name>> has to retain the data.

Personal data must be disposed of securely in accordance with the principle of the GDPR/GDPR – processed in an appropriate manner to maintain security, thereby protecting the “rights and freedoms” of data subjects. Any disposal of data will be done in accordance with the Secure Disposal Procedure.