Data Retention and Disposal Policy
Introduction
At Blackstone Legal, we are committed to safeguarding the privacy and personal data of our clients and partners. This Data Retention and Disposal Policy outlines how we handle data retention, the duration for which we keep various types of data and the secure disposal procedures we have in place.
Purpose
The purpose of this policy is to ensure that our data management practices comply with the relevant UK legislation, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We aim to retain data only for as long as necessary to fulfil the purposes for which it was collected and to ensure its secure disposal thereafter.
Data Retention
Categories of Data
- Client Records
-
- Retention Period: 6 years after the end of the client relationship.
- Purpose: To comply with legal obligations and for potential dispute resolution.
- Financial Records
-
- Retention Period: 7 years from the end of the financial year in which the transaction was made.
- Purpose: To meet accounting and tax requirements.
- Employment Records
-
- Retention Period: 6 years after the end of employment.
- Purpose: For reference in case of employment disputes and to comply with employment law.
- Marketing Data
-
- Retention Period: Until consent is withdrawn or it is no longer needed.
- Purpose: To manage our marketing communications with individuals who have opted in.
Storage and Security
All personal data is stored securely using appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. This includes, but is not limited to, encrypted storage solutions, access controls, and regular security assessments.
Data Disposal
When data reaches the end of its retention period, it will be disposed of securely and permanently. Our data disposal methods are designed to prevent any unauthorised access to or reconstruction of the data.
Disposal Methods
- Electronic Data
-
- Method: Secure deletion using specialised software to ensure data is irrecoverable.
- Procedure: Conduct regular audits to ensure compliance with our disposal policy.
- Physical Documents
-
- Method: Shredding using cross-cut shredders or secure shredding services.
- Procedure: Shredded documents are recycled following secure destruction.
Responsibilities
All staff members are responsible for adhering to this Data Retention and Disposal Policy. Specific roles within the firm, such as Data Protection Officers and IT Administrators have defined responsibilities to enforce and oversee data management practices.
Staff Training
Regular training is provided to ensure all employees are aware of their responsibilities under this policy and are equipped to handle data securely and appropriately.
Review and Updates
This policy will be reviewed annually or more frequently if required by changes in legislation or our business practices. Updates to the policy will be communicated to all staff and, where appropriate, to our clients and partners.
Contact Information
For any queries regarding this policy or data protection matters, please contact us.
By adhering to this policy, we aim to protect the privacy and integrity of personal data while ensuring compliance with applicable laws and regulations.
This page provides a comprehensive overview of our data retention and disposal practices, reflecting our commitment to data protection and privacy. If you have any further questions, please do not hesitate to get in touch.
