Safe record retention and storage
This document has been created for Phoenix to safely manage member’s records, photos and video retention and storage. Maintaining and storing the records relating to the setting is the responsibility of project leads in the organisation and overseen by the CEO.
Data Protection Act and UK General Data Protection Regulations
General Data Protection Regulation (GDPR) came into force and effect on 25th May 2018, and it replaced the Data Protection Act 1998. The United Kingdom General Data Protection Regulation (UK-GDPR) is the UK’s domestic data privacy law that replaces the EU’s GDPR after Brexit. The ‘UK GDPR’ sits alongside an amended version of the DPA 2018.
According to Data Protection principles, records containing personal information should be:
- Adequate, relevant and not excessive for the purpose(s) for which they are held
- Accurate and up to date
- Only kept for as long as is necessary
All settings are subject to the requirements of the Data Protection Act and the UK General Data Protection Regulations and will need to ensure that they have created a privacy notice.
On occasions, Phoenix will need to share information with other organisations and individuals. Settings should be clear about what information they hold and with whom it can be shared. Other than when sharing information as part of a statutory requirement, we will require the consent of the individual concerned and in the case of sensitive personal data explicit consent of the data subject (or the individual with parental responsibility if it is a members data). All this information is included in our privacy notice.
All requests for access to personal information should be deal with in line with the requirements laid down in the Data Protection Act and UK the General Data Protection Regulations.