Close
Understanding data retention
30 April 2021
UCL will soon be publishing a new data retention schedule. As SRS process vast amounts of personal data, it is important to understand how this will apply to you and what action you can take now to comply with data protection policies.
What is a retention schedule?
The purpose of a Data Retention Schedule is to outline how long data will be kept. It applies to data stored in all formats and is mandated by data protection legislation.
How are retention periods set?
Data protection legislation does not specify the amount of time that personal data should be held, data may be retained for as long as there is a justifiable reason to keep it. When considering how long data should be retained, consideration must be given to legislation and regulations, the needs of a business and the rights of an individual.
What should I do now?
Both individually and within your team, you should consider if it is necessary to retain any of the personal data you are storing in your personal or shared drives. Most of the data that is processed in SRS will be held on a records management system (such as SITS) and where this is the case, this will be the ‘home’ of the data. Duplicate copies of this data have no value and should be deleted. This includes any documents that have been attached to a student or applicant record.
Email should never be the ‘home’ of any personal data relating to students. Anything with value should be attached to a student record or stored securely on a shared drive.
When will I receive more information?
Once the schedule has been published, further information and guidance will be issued.