How should I protect the personal data I hold and how long should I retain it for?
You will need to check that appropriate security measures are in place to protect personal data. You should review your processes with your data protection officer and information management/IT departments to help identify any risks to the security of the data you hold, whether on paper or stored electronically.
You need to maintain a document retention policy, which will help demonstrate that you are complying with the principles of processing personal data, ensuring that it is processed lawfully, fairly and in a transparent manner.
Your document retention policy should set out the following for all documents you receive and hold:
whether the document contains personal data
the lawful basis on which any personal data was collected
your retention period
your rationale for the retention period (which might relate to a requirement in electoral law)
Our data protection guidance for EROs and ROs contains further guidance on the retention and storage of documents, including what information your document retention policy should contain.
You will be collecting personal data from residents, such as their date of birth, nationality and National Insurance Number. Your council will have corporate standards and processes for handling data and security. You should seek advice from your Data Protection Officer and IT about maintaining effective data handling. They will be able to help you identify any risks to the security of the data you hold, whether on paper forms or stored electronically on your systems.
You will need to ensure that your procedures and storage arrangements are compliant with data protection legislation. Good data handling practices need to be part of your day-to-day business processes. For example, you will need to keep under review how you are managing the security of personal data.