Click to view the latest updates on our services.  Service Status Update.

contact call08003764422


Restore Datashred News

How long should you keep confidential documents before disposal?
/ Categories: Datashred News, February

How long should you keep confidential documents before disposal?

As we creep ever closer to the GDPR deadline, businesses are likely to have plenty of questions about the implications that the new General Data Protection Regulations will have on the storage and destruction of confidential data.

In our GDPR Mythbusting email series, we look at some of the confusing aspects surrounding the regulations; one of them being consent in relation to compliance.

Attaining consent is very important but retaining confidential data and knowing how long you are legally obliged to store it before disposing of it is just as vital.

With that in mind, we thought we’d take some of the information and advice from our guide to managing information in the public sector to address the rules surrounding confidential document disposal.

Records & Information Management

When it comes to managing information and records, it’s important to understand correctly what constitutes material that legally must be kept for specific lengths of time before being destroyed or stored in perpetuity.

Whether it’s stored digitally or physically, it’s vital that data controllers and data processors ensure that storage and destruction is appropriate to the sensitivity and confidential nature of the material.

It should be accessible and easily traced, retained for as long as legally necessary and then disposed of correctly.

Why is Confidential Document Disposal So important?

Not managing records correctly will not only leave an organisation open to prosecution and financial penalties but also potentially damage their reputation.

A clear strategy for the planning, organising and controlling of each stage of a record’s life will result in immediate benefits for any business.

From creation to storage and the eventual destruction of a record, following the correct procedures should result in cost savings, improved efficiency, more control, an enhanced reputation and an increase in customer and staff satisfaction.

What to keep and when: Public Sector Organisations

Public sector organisations and departments have specific criteria for the retention, storage and destruction of specific records.

A record can be identified if its content;

  • Contributes to the policy or decision-making process, any actions taken or changes to policies or procedures
  • Has financial or legal implications
  • Is needed to support and help the running of the organisation
  • Has been approved by or reported to another individual or internal/external body
  • Sets a precedent or contains something unique of historical interest
  • Had to be created as a result of specific legislation

If none of the above apply, it is not a record and can be destroyed when it is no longer required.

What should be kept and when should it be destroyed?

This will vary depending on the content of the record.

Broadly speaking, records will come under one of the following areas;

  • Policy, Governance & Development
  • Information Requests
  • Ministerial Business
  • Projects & Research
  • Stakeholder Management
  • Administration

You can find specific examples and more information in our Guide to Managing Information.

Checklist for Confidential Document Disposal

In order to ensure that the correct procedures are being met, support from senior management is essential. Ask yourself;

  • Where is information currently being held?
  • What value does this information have?
  • How long should it be kept?
  • Are relevant people in the business aware?
  • What is the trigger points for disposal?
  • Is disposal built into your digital systems?
  • Do you have a deletion policy?
  • Is there a regular review process?

Awareness of what records an organisation has, how long they should be stored and at what point they should be destroyed or disposed of will help to reduce the potential risk of a data breach and the reputational harm it could cause.

If you work for a public sector organisation or department, and you’d like to find out how you can improve the disposal of confidential documents, DOWNLOAD OUR GUIDE NOW, or contact the team at Restore Datashred.