Search Sign in Create document
Templates

Data Retention Policy Template

A data retention policy is an internal document that sets out the procedures that should be followed by your business in relation to the retention of data and records. It includes a schedule with defined retention periods for different records and data. Read more
Legislation GB-EAW
Topics
Confidentiality, privacy, & intellectual property
Updated by a lawyer: 27 Dec 2023

What is this data retention policy template?

Company’s internal document: This data retention policy template sets out how long different types of records and data can be held by your business. Most businesses keep personal data for as long as it serves the purpose for which it was collected, but having a data retention policy in place keeps track of different categories of data, what they’re collected and used for, and acts as a useful resource for when data reviews occur.

Importance: Complying with data protection laws in the UK is a particularly important part of the day-to-day running of your business. Two of the key principles of UK data protection laws are storage limitation and data minimisation. This means that personal data should only be kept by your business for as long as it is necessary to achieve a particular purpose. It is critical to have a data retention policy in place to be able to achieve these principles - but why is that so important?

  • Risk to reputation: Mismanaged data protection practices can lose the hard-earned trust of your customer base - having a clear policy in place reduces this risk;
  • High-value fines £: In the event of a data breach or other non-compliance with data protection laws, your business could be exposed to multi-million pound fines and legal action - holding on to too much data for longer than it is needed increases the risk of a data breach;
  • Regulatory investigations: Data breaches can lead to an ICO (the data protection regulator in the UK) investigation. In the event of an investigation, internal policies and procedures can be key to demonstrating that a business is complying with its obligations under UK data protection laws; and
  • Practical steps: A clear data retention policy that sets out defined retention periods for different types of data and records, will lead to a consistent approach to data retention across your business.

When to use our data retention policy template: You would use this data retention policy template where you collect any personal information about any living individuals - whether that is your staff, customers, suppliers, shareholders or others. Given that practically speaking all businesses will process some personal data (even if it only relates to their staff), every business should have a data retention policy as a means of ensuring that it only keeps data for as long as it is necessary (as required by data protection laws). You should not use this document to set out policies and procedures for, or obligations on staff on how to approach, data processing generally - our data protection policy should be used as well.

What matters does this data retention policy template cover?

High-quality model clauses: Docue’s dynamic data retention policy template covers, among other things, the following matters:

  1. Data protection principles - the key principles of UK data protection laws that relate to data retention and how your business can satisfy them;
  2. Clear retention periods - a schedule can be included that sets out the retention periods that apply to different types of data (and the rationale for choosing those periods). Including these periods will help your company demonstrate its accountability requirements under data protection laws, and lead to better consistency across the organisation in how long data is held for;
  3. Who to contact with questions about the policy - whether there is a formal data protection officer in place, or another person responsible for data protection compliance within your business; and
  4. A process for reviewing the policy - a clear process for ensuring the policy remains up to date and reflects your current business operations.

Source of information for staff: A key reason for having a data retention policy is to provide information for staff on the actions they should take to enable the business to be and remain compliant with data protection laws. This includes who to contact if they have questions and how long different types of personal data should be kept.

Why Docue?

We support you through the drafting: Docue’s platform allows you to create and store a compliant data retention policy at the touch of a button using a lawyer-grade template as a starting point and automated guidelines to steer you in the right direction from start to finish.

Easily customisable: You can easily amend Docue’s data retention policy template to fit your organisation's requirements, so that it is adapted to your business operations.

Tags: data retention policy, retention schedule, data retention policy template, data retention schedule, records retention, UK GDPR

Related legal templates

Data Breach Policy Data Protection Policy Data Subject Request Policy Privacy Notice (Website)

Related articles

Data Protection Policy UK: Everything you need to know Everything you need to know about data processing agreements, including the key clauses to include Protecting your business: a guide to compliant data protection documents (Incl. lawyer-drafted templates) Top 5 FAQs about data protection procedures your business should have in place Top 5 FAQs about website privacy and compliance Why your business needs an internal data protection policy
Legislation GB-EAW
Topics
Confidentiality, privacy, & intellectual property
Updated by a lawyer: 27 Dec 2023

Docue gives you access to 130+ high-quality legal templates drafted and maintained by UK lawyers. Trusted by 40,000+ companies.

"We needed an instant fix for writing contracts and looked around at alternatives, but Docue was superior. Easy to engage with and a wide range of templates."

Darrell Arnold

Founder & CEO, Servicedek

"Docue gave us professional contracts that we know are legally written, and cover us in a way that's easy for a non-expert to understand."

Andrew Cowen

Chief Commercial Officer, Komerz

News

Go to news

Battle of the brands: Tesco forced to rebrand Clubcard logo after Lidl's legal triumph

In the latest development in the ongoing series of supermarket clashes over intellectual property rights, following a 4-year-long dispute, Tesco must stop using its yellow and blue "Clubcard Price" logo and is set to undergo a drastic rebrand, estimated to cost the supermarket giant up to £8 million.

Docue's Legal Team

25.4.2024

Is your business ready for the new flexible working rules?

In the ever-evolving landscape of modern work culture, the concept of flexible working has become increasingly prevalent. Now, with the introduction of new flexible working rules in the UK, businesses are facing a pivotal moment in adapting to this shift. But what exactly do these new rules entail, and is your business prepared to embrace them?

Docue's Legal Team

12.3.2024

We Are Docue: Heather Stark, Head of Legal, UK

Welcome to the third edition of We Are Docue, a series where we introduce all the talented and passionate people who make Docue an amazing platform - and an exceptional place to work.

Docue's Legal Team

27.2.2024