You are here:
UK GDPR: retention and disposal of records
Find out how long you need to retain school records for, and why and how you should establish a retention schedule. Plus, learn how to dispose of data securely.
You must not retain personal data for 'longer than necessary'
This is one of the 7 principles of the UK GDPR.
You’ll need to work out what ‘necessary’ means for the personal data you hold. Consider why you need to keep any pieces of personal data, and make sure you’re able to justify the decision you take. And remember that some types of data must be kept for a specific amount of time.
Make sure staff know what they can and cannot keep
Data protection is the responsibility of all staff. Download our GDPR cheat sheet to help staff understand what they need to know, and display our GDPR posters in staff rooms and offices to make sure everyone's informed.
Consult the IRMS toolkit for statutory retention periods
See pages 66 to
More from The Key
Bitesize training with a big impact
Our on-demand training has your whole board covered and lets them learn at a time and pace that suits them.
Help your new governors hit the ground running with our expertly-designed induction training, and our role-specific courses support your link governors develop key skills and confidence in their role.
The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence v3.0.