We should take ‘all reasonable steps’ to make sure the personal data we gather and hold is accurate, up-to-date and not misleading. It’s good practice to use data validation tools when data is captured or re-used. For example, validate that email addresses are in the right format, or verify postal addresses when these are captured online.

If we identify any of the personal information we hold is incorrect or misleading, we should take steps to correct or delete it promptly.

Data accuracy can decline over time. For example, people change their email address, move house, get married or divorced, their needs and interests change. And of course some people on your database may pass away. So we need to consider ways to keep our data updated and cleansed. Perhaps find ways to give people the opportunity to check and update their personal details?

5. Storage limitation

Don’t be a hoarder! We must not keep personal data longer than necessary for the purposes we have specified.

Certain records need to be kept for a statutory length of time, such as employment data. But not all data processing has a statutory period. Where the retention period is not set by law, the organisation must set an appropriate data retention period for each purpose, which it can justify.

The ICO would expect us to have a data retention policy in place, with a schedule which states the standard retention period for each processing task. This is a key step to making sure you can comply with this principle. When the data is no longer necessary, we must destroy or anonymise it, unless there’s a compelling reason for us to keep it for longer. For more information see our Data Retention Guidance.

This is the ‘integrity and confidentiality’ principle of the GDPR – often known as the security principle. This requires organisations to make sure we have appropriate security measures in place to protect the personal data we hold. UK / EU GDPR talks about ‘appropriate technical and organisational measures’ (known as TOMs). These include things like physical and technical security measures, conducting information security risk analyses, having information security policies & standards in place to guide our staff.