To Keep or Not to Keep

Baby boomers like myself tend to hoard clothes. We were born in a time during the postwar era when new clothes were a luxury and people saved their good clothes for Sundays when they would wear their “Sunday Best”. I remember sowing my laddered tights! It was definitely not the disposable society we have today. Perhaps that has resulted in so many of us tending to hoard.

Data is a very valuable asset and some describe it as the new oil. However, just because it is valuable, does this mean we should hang on to that data “....just in case”.

Whilst the UK GDPR does not prescribe how long data should be retained, it does lay down two main principles.

The first principle is the data minimisation which states the requirement to limit data to what is necessary and not to retain more than is required for that purpose.

The second principle is the storage limitation principle which states that we must not keep data for longer than is necessary. The concept of ….”just in case” is not permitted!

We have to consider why we are holding data and must be able to justify it with a legal basis. Sometimes it is a statutory obligation and other times it is best practice. All schools should have a data retention policy which includes a schedule of all the data held along with the relevant timeframe and the justification for retaining it.

There are risks to schools who fail to adhere to the above principles:

Breach of retention period
Breach of data minimisation principle
Breach of storage limitation principle
Breach of purpose limitation principle
Contractual breaches
Personal data breach
Ransomware attack
Enforcement action
SARs - complaint re data still being held

All of the above risks apply to data which is held in paper format as well as electronically. Organisations including schools are required to keep data accurate, provide individuals with the option to have their data rectified and also in certain circumstances to facilitate the right to be forgotten. Therefore, although data is certainly an asset, it can also be considered a liability.

At our termly Brunch & Discuss Data Protection User Group held at Boardman House last week, we covered this subject from a number of aspects. Tom Alexander spoke about the retention of HR records. We also had a guest speaker, Julie Halliday who worked for many years as a school business manager in Newham, most recently at Gallions Primary School. Julie spoke about how she and Nicky Harman transformed Gallions into a truly paperless office and explained the huge benefits the school in terms of efficiencies and cost savings.

Cookie	Duration	Description
ARRAffinity		This cookie is set by websites that run on Windows Azure cloud platform. The cookie is used to affinitize a client to an instance of an Azure Web App.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_129094303_2	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
ARRAffinitySameSite	session	No description available.
WFESessionId	session	No description available.

Journal

Journal

To Keep or Not to Keep

You might also like

JOIN OUR COMMUNITY

Our Partnerships

Our Partnerships

Airthings

NPW-LGfL recognised support

Citation