Managing personal information is a topic laden with pitfalls and red tape. Depending on the size of your business, this can differ from sector to sector. This article aims to outline some key industry sectors, their document retention policies and how to comply.
What’s the purpose of processing personal data?
An individual's data consists of any information that can identify the person in question. Among the factors that can identify an individual are their names, numbers, or digital traces, such as IP addresses or cookies.
Article 5(1)(b) of the GDPR guidance states that personal data shall be:
“collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”
You need to be clear from the beginning about why and how you intend to use personal data. But collecting and keeping data is only half the compliance challenge. Knowing how long to keep records and when to delete them is just as important.
Below we look at a few key sectors' document retention policies, and why they're important.
Healthcare
Accurate, up-to-date records are a critical component of quality healthcare. But what kind of records do healthcare providers keep? Records include:
- Records of care taken by healthcare specialists
- Human resources records, minutes from hospital boards, and other information used to run the NHS and social care.
- Research data (e.g., clinical trial data)
The types of records vary; from letters, emails, photos, X-rays, text messages, and plaster moulds.
The length of time for retaining different types of records also vary. Most health and care records are kept for eight years following the last treatment. Though, it's much longer for GP records. Then there's social care and children's records, which have their own timeline.
Document retention policies and timeframes such as these, not only ensure privacy but also a continuation of care for as long as it is necessary.
Government
Government departments have their own data retention policies. These vary in complexity depending on how sensitive or historically significant the records are.
The Foreign and Commonwealth Office, for example, has some record types with a 15-year retention period. After this, they are reviewed for permanent preservation at the National Archive.
The HMRC retention policy, on the other hand, has a default standard retention period. This is 6 years plus current, otherwise known as 6 years + 1. It also has a maximum 20-year retention period for historically significant records.
Housing Associations
The National Housing Federation provides a comprehensive schedule on data retention and disposal. The very fact it has over 200 record types shows how complex record management is for these organisations.
These retention rules range from over 40 years, for medical records relating to control of asbestos, down to two years for rent statements and Housing Benefit notifications. At Apogee, we understand well the challenge of operating in such a heavily regulated area.
Gentoo Group Limited is a housing association that owns and manages more than 29,500 homes across Sunderland. While they started digitising their records in 2011, they hadn’t set to work transferring any of their legacy records. This left around 35,000 files stored in depots and offices across Sunderland.
We wanted to ensure an efficient and compliant digitisation strategy. So, we conducted on-site visits and worked closely with the client on a unique reference system. The strategy we delivered means Gentoo can now:
- cross reference files
- retrieve records tied to multiple sites
- enact much more control over retention and deletion of files.
Compliance made easy through digital document management
Management, retention, and deletion of personal information in any industry is a challenge. There is a raft of legislation protecting both you and the individuals you work with and for. And this challenge scales up in more heavily regulated industries.
Digital Records Management helps you meet these challenges an efficient, compliant way. And the right partner has the expertise and experience to implement it cost-effectively.
Apogee has been working with NHS Trusts, housing associations, and local governments for over 20 years. We've supported them to meet vital compliance standards through digitised tools and processes. Let us take the monotony out of record-keeping - contact us today by using the form below!