Data Protection Policy
1. Introduction
1.2 Rationale
• Regulatory Compliance: Statutes such as the UK GDPR, Data Protection Act 2018, and SIA ACS guidelines mandate that personal or sensitive data must be kept no longer than necessary. Overextending retention can breach occupant or staff privacy and invite enforcement actions or fines.
• Operational Efficiency: Unnecessary data clutters systems, inflates storage costs, and complicates audits or occupant inquiries. Timely disposal streamlines routine tasks and preserves system performance.
• Risk Mitigation: Data that is no longer required becomes an avoidable liability if compromised. Ensuring timely disposal reduces potential damage in the event of a breach or internal mishandling, aligning with the principle of data minimisation.
2. Purpose and Scope
2.1 Purpose
This policy:
• Outlines Retention Periods: Defines how long various categories of Pro Sentry Ltd data are retained, referencing legal benchmarks (e.g., occupant logs, staff HR records) as well as operational factors (insurance or occupant requests).
• Establishes Disposal Protocols: Details procedures and tools for secure data disposal, preventing unauthorised recovery or continued usage of out-of-date records.
• Sets Review Mechanisms: Clarifies how staff and managers periodically check stored data, identify items past retention, and log disposal in line with best practices.
• Ensures Consistency: Guarantees synergy with the GDPR Policy (for occupant and staff personal data) and the Information Security Policy (for classification, encryption, and incident management).
2.2 Scope
• Data Types: Includes occupant sign-in logs, incident reports, staff HR/payroll files, visitor rosters, finance records, CCTV recordings, advanced security strategies, and ephemeral data (like shift rosters or occupant checklists).
• Operational Boundaries: All outward business units such as security operations and other client services, internal units such as HR and Finance, operations and sales, apply this policy to records they generate or receive.
• Media Formats: Both physical (paper forms, occupant sign-in sheets, training binders) and digital (cloud drives, onsite servers, emails, database systems) are covered.
2.3 Exclusions and Dependencies
• Statutory Overrides: If UK/EU laws or local regulations impose a minimum or extended retention period (e.g., tax documents, occupant health & safety files), Pro Sentry Ltd must comply with these frameworks, integrating them into retention schedules.
• Policy Intersections: Links closely with the Information Security Policy for data classification (Confidential, Restricted, etc.) and with the GDPR Policy for occupant or staff personal data. In case occupant personal data is implicated in a breach, synergy with breach notification (GDPR or ICS) takes precedence.
3. Definitions
3.1 Retention Period
A specified length of time that certain data remains active or archived before disposal or anonymisation. Retention periods vary based on legal mandates, business necessity, or contractual obligations (e.g., occupant service agreements).
3.2 Secure Disposal
A documented method ensuring no recoverable fragments remain (e.g., multi-pass overwriting of digital media, paper shredding/incineration for occupant logs, degaussing for magnetic tapes). Certified destruction or vendor-based disposal, where used, includes receiving proof of finality (certificates or logs).
3.3 Archiving
The controlled transfer of data from a live environment (frequent retrieval) to a long-term storage or lesser-accessible system. Archived data typically remains for reference, occupant queries, or compliance checks until the retention period expires.
3.4 Legal Holds
Directives preventing normal disposal if the data may be relevant to ongoing or anticipated legal actions, occupant disputes, or regulator requests. During a legal hold, standard retention expiry does not apply until the hold is lifted.
3.5 Data Minimisation
The principle of retaining only the minimal amount of personal or operational data required for identified purposes, mitigating the harm in case of breaches and aligning with occupant privacy obligations (GDPR synergy).
3.6 Partial Erasure
A process whereby specific occupant or staff personal data elements, no longer justified for retention, are selectively destroyed while preserving any data still needed for occupant or operational continuity.
4. Governing Principles
4.1 Lawfulness and Fairness
Retaining data without lawful grounds breaches occupant and staff rights. Each data set’s retention period is linked to the original legitimate reason for collection—exceeding that scope requires new justification or disposal.
4.2 Data Minimisation
Data that no longer serves a valid legal or operational purpose must be promptly removed to minimise exposure. Holding occupant sign-in sheets or staff rosters beyond their usage end-date contravenes minimisation and can inflate breach risks.
4.3 Confidentiality and Integrity
Data, while retained, must remain accurate and protected. If occupant logs are incorrectly altered or staff records are insecurely stored, these become compliance issues. Secure disposal ensures that any final read, prior to destruction, is legitimate and uncorrupted.
4.4 Availability
Within its retention lifecycle, data must be readily accessible to authorised personnel—particularly for occupant or regulatory queries (e.g., SIA ACS audits). Overzealous archiving without an indexing system leads to retrieval inefficiencies.
4.5 Transparency
In compliance with the GDPR, occupant or staff notices reveal how long personal data is kept or the rationale for indefinite retention. Clear and open communication fosters occupant trust and meets regulatory expectations on data use fairness.
4.6 Version Control and Auditability
Any changes to retention durations or disposal processes are recorded in the Company’s Policy Register, ensuring a comprehensive audit trail of which rules applied at any point in time.
5. Roles and Responsibilities
5.1 Senior Management
• Strategic Approval: Authorises this policy, ensuring it aligns with Pro Sentry Ltd’s overall compliance strategy.
• Resource Allocation: Provides the tools (archiving software, shredding equipment, staff hours) necessary for robust retention and disposal tasks.
• Monitoring & Escalation: Reviews periodic compliance snapshots—if occupant data is discovered well past its retention date, Senior Management can escalate for immediate remedial action.
5.2 Data Protection Officer (DPO)
• Alignment with Data Protection Laws: Ensures occupant/staff personal data retention meets legislative constraints (GDPR, Data Protection Act 2018). Alerts managers if occupant data must be erased earlier under occupant’s right-to-erasure requests.
• Staff Education: Partners with HR and the Information Security Officer to incorporate retention guidelines into staff orientation, refreshers, or new occupant data rollouts.
5.3 Department Heads / Line Managers
• Implementation of Schedules: Each department’s operational instructions specify how occupant logs, staff records, or incident forms are moved from active to archive, and eventually disposed of when thresholds expire.
• Ongoing Review: Responsible for monthly/quarterly checks, removing or archiving data that surpasses time limits, or marking them for scheduled disposal.
• Anomaly Reporting: If occupant medical data, staff disciplinary records, or other sensitive logs appear to be stored beyond policy, managers notify the DPO or relevant seniors for immediate correction.
5.4 All Employees and Contractors
• Daily Compliance: They must observe posted retention timeframes for occupant forms or staff files, especially near the expiry window.
• Secure Handling: Up until disposal, employees maintain confidentiality and correct classification measures (e.g., storing occupant logs labeled “Confidential” in locked cabinets).
• Reporting Conflicts: If they detect contradictory instructions—like a manager telling them to keep occupant logs indefinitely—they must escalate to the DPO or Senior Management.
6. Retention Schedules
6.1 Defining Schedules
Pro Sentry Ltd forms a structured matrix specifying:
• Data Category: E.g., occupant sign-in logs, staff HR files, alarm response incident forms, advanced security protocols.
• Retention Duration: Minimum and maximum years or months.
• Legal/Business Rationale: Statutory references (SIA ACS, HMRC, occupant contract clauses), occupant safety considerations, or operational references (insurance claims).
• Disposal Method: Shred, overwrite, incinerate, or vendor-based destruction.
6.2 Sample Durations
• Occupant Logs
o General visitor sign-in logs: Retained 12 months.
o Occupant incident logs: 36 months if occupant or legal claims are possible. Post-incident oversight might demand extension.
• Staff Records
o HR essentials (contracts, payroll info): Up to 6 years post-employment for potential tribunal or statutory references.
o Sensitive staff data (medical notes, disciplinary files): 3 years after resolution or employee exit, unless occupant safety or legal holds force extension.
• Incident Reports: 3 years, extended to 5 if occupant injuries or major property claims exist.
• Advanced Security Plans / SIA Vetting: Duration of the relevant contract plus 2 years. At termination, if occupant or staff disputes are pending, disposal is paused until resolution.
6.3 Exceptions & Legal Holds
• Litigation or Investigations: If occupant or staff data is key to pending legal action, the standard retention schedule is suspended. No disposal occurs until the legal hold is lifted.
• Regulatory Requirements: Some occupant data might be demanded for 7 or 10 years under certain safety or financial regulations, overriding default timeframes.
6.4 Optional Retention Justification Matrix
Managers maintain a reference matrix, capturing:
• Data Type (e.g., occupant daily rosters)
• Minimum Duration (12 months)
• Legal Justification (SIA ACS occupant data guidelines, occupant contractual terms)
• Disposal Approach (shredding, overwriting)
• Responsible Department (Security Ops, HR)
This matrix simplifies training, audits, and occupant queries about data handling.
7. Storage, Archiving, and Review
7.1 Active vs. Archive Storage
• Active: Systems with immediate occupant, staff, or administrative usage—like occupant sign-in logs from the current quarter or staff payroll records from this fiscal year.
• Archive: Once usage tapers off, data is securely transferred into locked cabinets (physically) or secure offline/nearline drives (digitally). Access is restricted to occasional reference, occupant disputes, or audits.
7.2 Regular Housekeeping
Each department designates a Data Custodian (often the line manager or a delegated staffer) who monthly/quarterly flags records nearing expiry. They coordinate with the DPO if occupant personal data is involved or if partial erasure requests are pending.
7.3 Documentation and Archiving Log
• Movement Log: The date of archiving, data category, relevant site or occupant reference, new storage location. This ensures a traceable path if occupant queries or regulators ask for older data.
• Disposal Readiness: The log also notes the projected disposal date, helping staff forecast upcoming data that will soon require secure destruction.
8. Disposal Procedures
8.1 Secure Disposal Methods
• Shredding / Incineration: Hard-copy occupant logs, staff rosters, or incident forms require cross-cut shredders or licensed incinerators. Staff deposit routine documents into locked “shred bins,” which an approved vendor empties on schedule.
• Digital Overwriting / Wiping: On servers or storage devices, employing multi-pass overwriting or encryption-key destruction ensures occupant or staff data is irrecoverable by forensic tools.
• Certified Destruction: For large volumes of occupant data or advanced security schematics, Pro Sentry Ltd may contract accredited disposal providers who produce destruction certificates verifying final disposal. Sensitive drives or tapes might be physically crushed or degaussed.
8.2 Exceptions
• Legal/Contractual Holds: Disposal halts if occupant or staff data is relevant to an ongoing dispute or official inquiry. The DPO updates disposal logs to “on hold” status until the matter resolves.
• Partial Deletion: In the event occupant or staff personal data is subject to erasure requests (GDPR), employees carefully segregate the portion that must be destroyed from data still required for occupant safety or statutory reasons.
8.3 Verification and Audits
Department managers or designated leads confirm monthly/quarterly that disposal tasks took place for data hitting or exceeding retention. The Information Security Officer or DPO can perform random checks to cross-verify disposal logs vs. actual removed data.
9. Handling of Special Category Data
9.1 Sensitivity and Legal Mandates
Information revealing occupant health details, staff disciplinary records, or SIA vetting forms is classified at higher risk. Extended retention inadvertently elevates breach impact. The DPO helps define narrower timelines or stricter disposal protocols.
9.2 Encryption and Segregation
For special category occupant or staff data stored within restricted systems, advanced encryption keys must be preserved until disposal. Post-retention, these keys are carefully destroyed to ensure zero possibility of future decryption.
9.3 Documentation of Disposal
Logs for special category data disposal include the reason (end of occupant contract, occupant request, staff departure), method (shred, incinerate, overwrite), and supervisory sign-off, confirming the robust chain of accountability.
10. Collaboration with Information Security
10.1 Synergy
• Classification Link: If occupant data or staff records are labelled “Confidential” or “Restricted,” the disposal method must reflect stricter controls (certified incineration, multi-factor user verification before data removal, etc.).
• Breach Impact Reduction: Minimising unneeded occupant or staff data fosters smaller risk if a system is compromised. The Information Security Policy’s guidelines on encryption, access control, and incident management bolster safe retention.
10.2 Automation and E-Discovery
In large occupant datasets, Pro Sentry Ltd may deploy lifecycle management or e-discovery software that automatically flags records approaching retention deadlines. This decreases manual oversight overhead and standardises disposal cycles.
11. Auditing and Monitoring
11.1 Internal Audits
• Scope: Review occupant logs, staff folders, system backups to ensure no records surpass deadlines. Random samples help detect policy breaches or staff oversights.
• Reporting: Findings detail any compliance gaps, improvement needs (e.g., better occupant log archiving), and any urgent calls for re-training or revised departmental SOPs.
11.2 External Reviews
• Clients / Regulators: Certain occupant contracts or SIA ACS compliance checks may require demonstrations of a robust retention policy. Pro Sentry Ltd cooperates, presenting disposal certificates, retention logs, or archiving summaries.
• ISO 27001: If the Company obtains or maintains ISO 27001 certification, third-party auditors evaluate the entire data lifecycle (retention, archiving, disposal) as part of the ISMS scope.
11.3 Remedial Steps
Repeat or severe non-compliance triggers a Compliance Improvement Plan by the responsible department. Senior Management reviews the plan, ensuring it addresses root causes—whether staff knowledge gaps, lack of disposal resources, or outdated retention guidelines.
12. Training and Awareness
12.1 Mandatory Guidance
All staff handling occupant, staff, or financial data receive basic orientation on:
• Where to find official retention schedules.
• How to identify data nearing or exceeding retention thresholds.
• Step-by-step disposal processes (shredding, overwriting, incineration, or vendor pick-up).
12.2 Role-Specific Modules
• Security Operations & Concierge: Emphasis on occupant logs (e.g., daily sign-ins) and incident forms.
• HR: Detailed modules on employee data retention (e.g., post-employment intervals, special category restrictions).
• Finance: Clear references to HMRC requirements, occupant invoicing documents, or payment logs.
12.3 Annual Training Audit
The DPO or HR Department conducts a yearly compliance training review, ensuring staff have up-to-date knowledge. Non-compliance or repeated misunderstandings prompt targeted re-trainings or managerial escalations.
13. Non-Compliance and Disciplinary Measures
13.1 Internal Accountability
•Negligent or Intentional Violations: Staff ignoring documented disposal schedules or deliberately preserving occupant or staff data for unauthorised reasons face disciplinary action. In extreme cases—like occupant data misuse—this may lead to termination.
• Escalated Investigations: Minor lapses handled at managerial level, but persistent or severe issues escalate to Senior Management and possibly external authorities if occupant rights are severely impacted.
13.2 Supplier Breaches
• Contractual Remedies: Vendors failing to align with Pro Sentry Ltd’s disposal standards (e.g., unconfirmed occupant data deletion) may lose their contract or face penalty clauses.
• Liability: The supplier indemnifies the Company for damages arising from incorrectly retained occupant or staff data if they have a contractual or statutory duty to destroy it.
14. Policy Maintenance
14.1 Periodic Review
• Annual or Triggered Updates: Each year and/or upon significant legislative or operational changes, Senior Management and the DPO to revisit this policy’s relevance. Adjustments to occupant or staff data laws, new services expansions, or client contract shifts can trigger mid-cycle revisions.
• Approval & Version Control: Major policy modifications are approved at the Senior Management level. Each updated version is assigned a unique reference (e.g., v2.0, v2.1), stating the effective date and marking older iterations as archived but restricted.
14.2 Document Control
• Central Repository: The definitive policy text resides on the intranet or shared drive, ensuring staff reference the current iteration. Offsite or field-based teams may keep updated printouts, labelled with the present version number.
• Policy Register: Cross-references all corporate governance documents, including the GDPR Policy and Information Security Policy. This holistic register indicates next planned review dates, accountability owners, and historical changes.
15. References
1. Internal Policies
o GDPR Policy (data minimisation, occupant subject rights, breach notifications)
o Information Security Policy (classification, encryption, incident management synergy)
2. Legislation / Regulations
o Data Protection Act 2018 / UK GDPR: Setting out personal data retention boundaries and secure disposal obligations
o Computer Misuse Act 1990: Highlighting potential offences if data is retained insecurely and misused
o SIA ACS Standards: Mandates occupant data usage constraints and record-keeping requirements for regulated security operations
3. Best Practice Frameworks
o ISO 27001: Emphasising data lifecycle management, from creation to secure disposal
o ICO Guidance: Official recommendations for retention fairness, occupant/staff data disposal, and transparency
16. Effective Date
16.1 Commencement
This policy shall be effective from [Date], and it supersedes any prior Data Retention and Disposal policies.
16.2 Document Control
• Policy Version: 1.0
• Last Review: 19-05-2025
• Next Review: 19-05-2026
