Appropriate policy document
Retention and destruction of personal data
Personal data is held and disposed of in line with our record retention and disposal schedule. When disposing of information, we make sure this is carried out securely by using physical destruction methods as well as electronic data deletion.
Our record of processing activities register contains details of the retention periods for the personal data that we process, our data processing activities, together with information on the lawful basis for processing this data. If information is not retained or deleted in line with the policy then the reason is recorded in the record of processing activities.
Responsibility for the processing of special category and criminal data
All employees are required to comply with our information governance policies when processing personal data and to ensure that any processing of the personal data is carried out legally, fairly and transparently. Information asset owners are responsible for ensuring that systems and processes under their control comply with current data protection legislation and that personal data is processed in accordance with the data protection principles.