Data Retention And Records Management Policy

lifetask.co.uk

PURPOSE
The Company is committed to maintaining accurate, reliable, secure, and accessible records while ensuring personal data is not retained longer than necessary.
This Policy establishes the Company’s approach to the creation, management, retention, storage, archiving, and disposal of records in compliance with legal, contractual, and regulatory obligations.

LEGAL FRAMEWORK
This Policy supports compliance with:
• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Employment Rights Act 1996
• Limitation Act 1980
• Companies Act 2006
• HMRC Record Keeping Requirements
• Health and Safety at Work etc. Act 1974
• Immigration, Asylum and Nationality Act 2006
• Relevant contractual obligations

SCOPE
This Policy applies to:
• Directors
• Employees
• Temporary workers
• Contractors
• Consultants
• Recruitment personnel
• Training personnel
• Third-party service providers handling Company records
The Policy applies to:
• Electronic records
• Paper records
• Audio records
• Video records
• Recruitment records
• Employment records
• Financial records
• Training records

POLICY STATEMENT
The Company shall:
• Maintain records necessary for operational, legal, and regulatory purposes.
• Retain records only for approved periods.
• Ensure information remains secure.
• Dispose of records securely.
• Protect confidentiality throughout the record lifecycle.
• Demonstrate accountability for information management.

RECORDS MANAGEMENT PRINCIPLES
All records shall be:

Accurate
Records must accurately reflect business activities.

Accessible
Records shall be available to authorised personnel when required.

Secure
Appropriate safeguards shall protect records from loss, misuse, unauthorised access, or destruction.

Retained Appropriately
Records shall be retained only for approved retention periods.

Disposed Securely
Records shall be securely destroyed when no longer required.

RESPONSIBILITIES
Board of Directors
Responsible for overall governance and compliance.

Management
Responsible for implementing record management procedures within their departments.

Employees and Workers
Responsible for:
• Creating accurate records.
• Maintaining confidentiality.
• Following retention schedules.
• Reporting record management concerns.

STORAGE OF RECORDS
Electronic Records
Electronic records shall be stored:
• On approved systems.
• Within secure cloud environments.
• Using access controls.
• With regular backups.
Physical Records
Paper records shall be stored:
• In secure facilities.
• In locked cabinets where appropriate.
• With controlled access.

RETENTION SCHEDULE
The following retention periods shall apply unless legislation requires otherwise.

i. Recruitment Records

ii. Unsuccessful Candidate Applications:
12 months after recruitment process concludes.

iii. Interview Notes:
12 months.

iv. Pre-Employment Screening Records:
12 months.

v. Right-to-Work Verification Records
Duration of Employment plus 2 years.

vi. Employee Personnel Files
Duration of Employment plus 6 years.

vii. Payroll Records
Minimum 6 years.

viii. Pension Records
Minimum 6 years.

ix. Training Records
Minimum 6 years after completion.

x. Health and Safety Records
Minimum 3 years.

xi. Accident Records
Minimum 3 years.

xii. RIDDOR Records
Minimum 3 years.

xiii. Client Contracts
6 years following contract termination.

xiv. Supplier Contracts
6 years following contract termination.

xv. Financial Records
Minimum 6 years.

xvi. Tax Records
Minimum 6 years.

xvii. Complaints Records
Minimum 6 years following closure.

xviii. Insurance Records
Minimum 6 years after policy expiry.

xix. Corporate Governance Records
In accordance with Companies Act requirements.

xx. Website Analytics Records
As required for business purposes and lawful processing.

xxi. Marketing Consent Records
Retained while consent remains valid and for audit purposes.

ARCHIVING
Where operationally appropriate, records may be archived before final disposal.
Archived records shall:
• Remain secure.
• Be searchable.
• Be protected from unauthorised access.
• Be reviewed periodically.

RECORD DISPOSAL
When retention periods expire, records shall be disposed of securely.
*Paper Records*
Methods may include:
• Cross-cut shredding.
• Approved confidential waste disposal.

Electronic Records
Methods may include:
• Secure deletion.
• Data wiping.
• Permanent destruction of storage media.
Disposal must ensure information cannot be reconstructed or recovered.

LITIGATION HOLDS
Where legal proceedings, investigations, audits, complaints, or regulatory reviews are anticipated or ongoing, relevant records shall not be destroyed regardless of retention schedules.
Management may issue a Retention Hold Notice requiring preservation of records.

DATA SUBJECT RIGHTS
Where personal data is retained, the Company shall continue to support rights under UK GDPR, including:
• Right of Access
• Right to Rectification
• Right to Restrict Processing
• Right to Object
• Right to Erasure where applicable
Requests shall be assessed in accordance with legal obligations.

SECURITY OF RECORDS
The Company shall implement:
Physical Security Controls
• Locked storage
• Controlled access
• Visitor management

Technical Security Controls
• Encryption where appropriate
• Password protection
• Access permissions
• Backup systems

Administrative Controls
• Policies and procedures
• Training and awareness
• Compliance monitoring

AUDITS AND MONITORING
The Company may conduct periodic audits to ensure:
• Records are retained appropriately.
• Information remains accurate.
• Disposal procedures are followed.
• Legal requirements are met.
Findings may result in corrective actions where necessary.

NON-COMPLIANCE
Failure to comply with this Policy may result in:
• Disciplinary action
• Contract termination
• Legal action
• Regulatory sanctions
• Reputational damage

RELATED DOCUMENTS
• Privacy Notice
• Data Protection Policy
• Information Security Policy
• Cookies Policy
• Employee Handbook
• Business Continuity Plan
• Incident Management Procedure

*POLICY REVIEW*
This Policy shall be reviewed annually or sooner where required by:
• Legislative changes
• Regulatory updates
• Business changes
• Audit findings
• Significant incidents