Data Retention Policy
- POLICY STATEMENT
There are various legal requirements as set out by law, within the GDPR Regulations and professional guidelines about keeping certain kinds of records – such as information needed for income tax and audit purposes, or information on aspects of health and safety.
The GDPR does not set out any specific minimum or maximum periods for retaining personal data. Instead, it says that by law Hyman Capital Group will have to ensure that personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
In practice, it means that the company will need to:
- Review the length of time personal data is kept;
- Consider the purpose or purposes the information is held for in deciding whether (and for how long) to retain it;
- Securely delete information that is no longer needed for this purpose or these purposes; and
- Update, archive or securely delete information if it goes out of date.
Any data held centrally using OneDrive. This is encrypted and password protected and certain information is held on a need to know basis. This means that only required members of the Company have access to the data.
- SCOPE
Data shall be retained in accordance with the periods detailed in this policy.
The periods in this policy relating to finance records are taken from a number of sources which include Buzzacott’s Insights document on “Retention of Accounting Records” and CIPD’s guidance on HR records retention. These periods are both the minimum and maximum periods for which data needs to be held before deletion or shredding.
Where a retention period is not specified, personal information will only be retained for the longer of:
- As long as required for its purpose
- As required by law
Manual files relating to previous staff, clients and associates shall have all non-essential information removed and securely destroyed prior to being archived.
The Company will require all data processors to formally agree that personal data will not be retained for longer than the purpose for which they are processing it.
This policy covers the following areas:
- Method for deletion
- Accounts & Finance records
- Payroll records
- Employee/Personnel records
- Pension records
- Buildings records
- Insurance records
- Governance records
- Associate records
- Client records
- METHOD FOR DELETION
- Paper, CD and DVD files will be shredded. The materials will be shredded offsite by a third party provider who will give confirmation of the secure disposal.
- Every 3 months staff will participate in a review of paper, CD & DVD media and destroy all files that are not required, as defined above. These reviews will take place in February, May, August and November.
- All Database (Infusionsoft, Freeagent, E-mail and files held on the server) records will be marked for deletion and permanently deleted on review. The record should not be archived. The Company should liaise with its external IT providers (currently Systems IT) to obtain evidence of how they deal with any off site back-ups to ensure that all old versions are deleted.
- Each organisational Director is responsible for liaising with their respective teams to ensure that the data is deleted in accordance with this policy.
- ACCOUNTS & FINANCE RECORDS
Document | Retention period | Reason for retention period |
Record of payments made (For suppliers — can be reprinted from Freeagent, For associate expenses — would need to refer to actual claim, For payments — hard copies of payment documentation are kept) | Six years after the end of the financial year in which the transaction was made. | Companies Act |
Purchase ledger (Ledger records on Feeagent and all hard copy and electronic purchase invoices, staff and associate expenses | Six years after the end of the financial year in which the transaction was made. | Companies Act |
Invoices raised to generate income (Paper/Electronic copies) | Six years after the end of the financial year in which the transaction was made. | Companies Act |
Petty cash records (Copies of vouchers and receipts received in support of expenditure) | Six years after the end of the financial year in which the transaction was made. | Companies Act and HMRC |
Invoice- capital item (with a significant value and where the Company is registered for VAT) | Ten years | Companies Act and HMRC |
Bank paying in counterfoils | Six years after the end of the financial year in which the transaction was made. | Companies Act |
Bank statements (Access to on-line statements is available for the last 12 months, hard copy statements are received from Barclays and Santander) | Six years after the end of the financial year in which the transaction was made. | Companies Act |
Remittance advices (In support of income received from clients) | Six years after the end of the financial year in which the transaction was made. | Companies Act |
Correspondence re: income (Letters/e-mails etc.) | Six years after the end of the financial year in which the transaction was made. | Companies Act |
Bank reconciliations (hard/electronic copies of same information) | Six years after the end of the financial year in which the transaction was made. | Companies Act |
Income summary (electronic version of the bank statement reconciling Freeagent to the bank accounts) | Six years after the end of the financial year in which the transaction was made. | Companies Act |
5.PAYROLL RECORDS
Document | Retention period | Reason for retention period |
Income tax records re. employees leaving, i.e. P45 | Three years plus the current year | The Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631) |
Notice to employer of tax code (P6) | Three years plus the current year | The Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631) |
Annual return of employees and directors expenses and benefits (P11D) | Three years plus the current year | The Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631) |
Certificate of pay and tax deducted (P60) | Three years plus the current year | The Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631) |
Notice of tax code change | Three years plus the current year | The Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631) |
Annual return of taxable pay and tax deducted | Three years plus the current year | The Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631) |
Records of pension deductions (including superannuation) | Six years plus the current years | Pensions Act |
Payroll and payroll control account | Six years after the end of the financial year in which the transaction was made. | Companies Act |
- EMPLOYEE / PERSONNEL RECORDS
Document | Retention Period | Reason for retention period |
Accident books, accident records/reports | Three years after last entry or end of investigation if later | The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) (SI 1995/3163) as amended, and Limitation Act 1980. Special rules apply concerning incidents involving hazardous substances. |
Details of medical schemes | Permanently | Commercial |
Organisation charts | Permanently | Commercial |
Personnel files and training records | Six years after employment ceases. Records for key senior executives should be kept permanently for historical purposes | Limitations Act 1980 |
Wages and salary records | Six years plus the current year | Taxes Management Act |
Expense accounts/records | Six years plus the current year | Taxes Management Act |
Overtime records/Authorisation | Six years plus the current year | Taxes Management Act |
Redundancy details, calculations of payment, refunds, notifications to the Secretary of State | Six years after employment has ceased | Data Protection Act |
Life Assurance expression of wish form | Six years after employment ceases or death | Data Protection Act |
Application forms and interview notes (for unsuccessful candidates) | Six months to a year | Disability Discriminations Act 1995 and Race Relations Act 1976 recommend six months. One year limitation for defamation actions under Limitations Act |
Statutory Maternity Pay records, calculations, certificates or other medical evidence | Three years after the end of the tax year in which the maternity period ends | The Statutory Maternity Pay (General) Regulations 1986 (SI 1986/1960) as amended |
Statutory Sick Pay records, calculations, certificates, self certificates | Three years after the end of each tax year for Statutory Sick Pay purposes | The Statutory Sick Pay (Maintenance of Records) (Revocation) Regulations 2014 (SI 2014/55) abolished the former obligation on employers to keep these records. Although there is no longer a specific statutory retention period, employers still have to keep sickness records to best suit their business needs. It is advisable to keep records for at least 3 months after the end of the period of sick leave in case of a disability discrimination claim. However if there were to be a contractual claim for breach of an employment contract it may be safer to keep records for 6 years after the employment ceases. |
Records relating to working time | Two years from date on which they were made | The Working Time Regulations 1998 (SI 1998/1833) |
Records relating to children and young adults | Until the child/young adult reaches the age of 21 | Limitation Act 1980 |
National minimum wage records | Three years after the end of the pay reference period following the one that the records cover | National Minimum Wage Act 1998 |
- PENSION RECORDS
Document | Retention period | Reason for retention period |
Details re. current pensioners | Ten years after benefit ceases | Commercial |
Pension scheme- next of kin/expression of wish forms | Six years after date of death | Data Protection Act |
All trust deeds and rules | Permanently | Companies Act, Commercial, Pensions Act |
Trustees’ minutes books | Permanently | Companies Act, Commercial, Pensions Act |
Annual accounts | Permanently | Companies Act, Commercial, Pensions Act |
Contribution records | Permanently | Companies Act, Commercial, Pensions Act |
- BUILDINGS RECORDS
Document | Retention period | Reason for retention period |
Deeds of title | Permanently or until property disposed of. A copy of title deeds should be kept for six years after disposal | Data Protection Act |
Leases | Fifteen years after expiry | Limitations Act 1960 |
Final plans, designs and drawings of buildings, pIanning consents, building certifications, collateral warranties, records of historical interest and final health and safety file | Permanently or until six years after property disposed of | Data Protection Act |
Asbestos Register and Asbestos Disposal Certificates | Permanently. Property holders required to examine the premises for asbestos or possible asbestos materials, record the location of those materials and assess the risk. These assessments are to be recorded and provided to anyone who may disturb the asbestos. | The Control of Asbestos at Work Regulations 2002 (SI 2002/ 2675). Also see the Control of Asbestos Regulations 2006 (SI 2006/2739) and the Control of Asbestos Regulations 2012 (SI 2012/632) |
Records of major refurbishments, warranties, planning consents, design documents, final health and safety file | Thirteen years for actions against contractors etc. | Data Protection Act |
- INSURANCE RECORDS
Document | Retention Period | Reason for retention period |
Policies | Three years after lapse | Data Protection Act |
Claims correspondence | Three years after settlement | Data Protection Act |
Employer’s Liability Insurance certificate | Forty years | Employers’ Liability (Compulsory Insurance) Regulations 1998 |
Accident reports and relevant correspondence | Three years after settlement | Data Protection Act |
- GOVERNANCE RECORDS
Document | Retention Period | Reason for retention period |
Board of Directors minutes of meetings and decisions | Permanently | Data Protection Act |
Annual accounts and annual review | Permanently | Data Protection Act |
Major agreements of historical significance | Permanently | Data Protection Act |
Health and safety records | Three years for general records. Permanently for records relating to hazardous substances. | Personal injury actions mist generally be commenced within three years of injury. However industrial injuries not capable of detection within that period (e.g. asbestos) the time period may be substantially extended. |
Fixed assets register | Permanently | Companies Act, Commercial |
Contract with customers, suppliers or agents, licensing agreements, rental/hire purchase agreements, indemnities and guarantees and other agreements or contracts | Six years after expiry or termination of the contract. If the contract is executed as a deed, the limitation period is twelve years | Limitations Act 1980 Six years is generally the time limit within which proceedings founded on contract may be bought. Actions for latent damages may be bought up to fifteen years after the damage occurs |
- ASSOCIATE RECORDS
Document | Retention period | Reason for retention period |
Where appropriate the associate records should be retained in line with permanent staff | See section Employee/Personnel records |
- ADVISORY RECORDS
Document | Retention period | Reason for retention period |
Personal details such as name, address, age, gender | One year after last communication | Data Protection Act |
Details of illness | One year after last communication | Data Protection Act |
Details of advice | One year after last communication | Data Protection Act |
- REFERENCES
https://ico.org.uk/media/for-organisations/documents/l475/deleting personal data.pdf