Step 11: Delete and destroy
Contents
- Introduction
- Step 1: What do I need to know about data protection?
- Step 2: Who is responsible for what?
- Step 3: Appointing a Data Lead
- Step 4: Understanding data subjects' rights
- Step 5: Gathering data
- Step 6: Data discovery
- Step 7: Keep a record
- Step 8: Check your security
- Step 9: Third parties
- Step 10: Publish your privacy stance
- Step 11: Delete and destroy
- Step 12: Responding to a breach
Step 11: Delete and destroy
The key principle behind the GDPR and DPA 2018 is Accountability. This means that the data entrusted to you by the data subjects will need to be processed and protected in the way they expect you to.
Part of this obligation is to retain only the data you need and for only as long as you need it. At the point this period expires you should securely destroy/delete this data, this aligns to the principle of Storage Limitation.
How long to keep data
This question is important and should be asked before the data is gathered. There are a number of reasons that can justify maintaining personal data and in some cases these will be easy to define, such as data required for tax purposes. In other cases the judgement of the Trustee Board collectively needs to be used to justify the retention period, this is best done using evidence or past experience. To assist, we have created a Template Data Retention Policy, which contains real scouting examples. This has been created using a combination of the UK HQ Data Retention Policy and examples from local Scouting. This template can be used by a local Scout Unit but may need tailoring to suit local processing activities.
Data lifecycle
Data is useful and necessary for many things; however, it doesn’t always need to contain personally identifiable information (name, address, email etc…). For example, maintaining the details of numbers of attendees for an event is great insight into the success of that event, in this case you don’t require the names of those who attended.
The best practice way to manage the life cycle of data is as follows:
- Only retain personal data that is necessary
- Anonymise the personal data as soon as possible so it doesn’t contain anything personally identifiable (for example removing names and personal data relating to a Nights Away event, but keeping the number of young people in attendance for statistical purposes at a later date)
- Delete/destroy the data when it is no longer required
There are a number of ways that data can have the personally identifiable elements removed. The most common is simply delete the records that contain these elements, but there is also tooling that can reduce the admin burden of manually deleted records. These tools use techniques such as anonymising.
Anonymising is a technique of data cleansing that uses an irreversible program to scramble the data, or delete parts of the data making it no longer possible to identify individuals. With anonymisation the result is a data set that can be retained without requiring a lawful justification and can be used for gaining historical insights or analysis from the data.
Delete/destroy
Care should be taken when deleting or destroying all personal data. When destroying physical documents this should be done using a shredder or secure paper waste bins that only allow access to the authorised disposer. Digital destruction of documents should be completed in line with the retention periods specified in the retention policy. Most delete capabilities that exist today for digital data do come with a recycle bin concept. This means that the data is not deleted straight away and allows the user some time to restore before permanent deletion, care should be taken to ensure the data is fully deleted.
The ICO have published guidance on the secure destruction of data, this pre dates the GDPR and DPA 2018 but the advice is still relevant.
Useful resources for Step 11