Data Retention Policy Template. Data Protection Policies. Data Retention Policy. This Data Retention Policy contains the following clauses: 1. Business Buy e. More Data Protection Policies. More Business Folders. Continue to Buy Cancel. Simply-Docs uses cookies to ensure that you get the best experience on our website. Learn more. This section provides guidelines and procedures for data disposal and destruction. Data Review: This section should describe details regarding data review and the people responsible for the review.
Some example guidelines are mentioned below. Safe Destruction and Disposal: This section should describe in detail all procedures and guidelines that the team needs to follow when it comes to data destruction and disposal. Below are some examples that can be included as policy guidelines in this section.
This section should include procedures to deal with any unintentional and accidental loss of critical data. This section should ideally describe the roles and responsibilities of the enforcement committee which is responsible for data retention and data disposal. Additionally, this section should contain guidelines regarding disciplinary actions to deal with policy breaches and malicious intent. The main purpose of data retention policy of a company is to keep and organize important information of the company for future reference.
This section should help inform all the stakeholders associated with the data regarding their obligations and responsibilities for data retention and data disposal. For any organization that acts as a data controller or a data processor, the data retention policy is compulsory, according to the GDPR rules.
Hence, this policy should be applicable on a company-wide basis for all the employees. Moreover, if there are external stakeholders such as agencies and contractors dealing with the data, the policy should also include them. The organization can also choose to design and implement this policy on a per-department basis if there is a difference in the category of data handled and the processing of that data for all individual departments. This section describes the general data retention policies, the data categories, and policies for specific data categories.
For example, in human resources, you can break up files into a benefits category as well as an employment category. Within record classes are record class codes to help organize data even further. Regardless of whether your record classes are saved in the cloud, on a hard drive, or a data room states away, you want to classify them according to a specific code to communicate to stakeholders what the retention requirement is.
Note: Certain record classes may belong to more than one business function. For example, your compliance, audit, and IT teams may have to collaborate on a security audit. Regardless, make sure you stick to one code for that record class. Input the retention period for the corresponding record class. Remember, always take legal requirements into consideration first.
If there are no legal requirements, consider business needs, then operational efficiency to determine what to retain or delete. Again, keep in mind there may be different retention periods for different record classes.
Assess them on an individual basis. If applicable, link to the citation that is driving the retention period. This way, you can easily access it for reference. We recommend conducting a refresh of your retention citations every 2 years to check for any updates.
Tip: The second tab of our data retention policy template will dive deeper into retention within data sources. Check the box if the corresponding record class contains PII.
By taking note of which record classes contain PII, you can better respond to sensitive privacy matters down the line. Ask yourself, who is authorized to retain, delete, or archive data? Assign this person s as the authorized manager. They will oversee the entire lifecycle of their respective record classes. Use this column to jot down any information you feel is relevant to know about the corresponding record class.
Is there a specific way this data needs to be archived or deleted? Is there a limitation in the data source that requires regular maintenance? Any knowledge like this could be helpful to keep on hand. Go to the second tab of our data retention policy template to locate our retention and discovery overview for cloud applications. Tip: Onna eDiscovery is compatible with all of the apps you see on this list. And there you have it — the best data retention policy template to get you started.
Remember to customize your template to your unique needs, foster cross-collaboration, and constantly monitor updates to regulation and technology. If you do this, your data retention policy will be sure to remain a cornerstone for security, compliance, information governance, and invaluable business insights.
Liked this data retention policy template? Reach out to learn more. Featured Slack Information Governance. Contact Support. You must be logged in to post a comment.
Blog Post. Table of Contents.
0コメント