 |
 |
I agree with Donald - but perhaps a baseline created by a GDPR analysis of the existing position could be used as "the date", and the review triggered from there. There is no retention period - consent will last until it is either withdrawn, renewed/refreshed or no longer required. I think annually might be difficult depending on the range of systems or areas where consent is recorded. I would also consider (just off the top of my head) putting in place a regular process that asks IAOs to check that their consent records/status in their services/teams is not creating a risk to the organisation - particularly in areas of high risk e.g. is there a lot of consent being withdrawn - if so why? Are individuals not providing consent (either on paper or on systems) - is it difficult for them to understand or do etc. Regards Madi -----Original Message----- From: The Information and Records Management Society mailing list [mailto:[log in to unmask]] On Behalf Of Donald Henderson - CHX Sent: 01 June 2017 14:39 To: [log in to unmask] Subject: Re: Retention periods for consent under GDPR Sadly, I doubt there will be a standard retention period. The period is going to vary depending on what the consent has been for and how easy it is to withdraw consent (or practical to review it). It may be reasonable in most circumstances to say that consent needs to be reviewed annually or every two or three years. Additionally, the reduction in the potential use of consent brought about by GDPR may make all of this a bit easier anyway... Donald -----Original Message----- From: The Information and Records Management Society mailing list [mailto:[log in to unmask]] On Behalf Of Sarah Norman Sent: 01 June 2017 13:14 To: [log in to unmask] Subject: Retention periods for consent under GDPR Hi I am being asked to put Consent records for GDPR into our retention schedule. This is consent from Employees and Customers. I am struggling to find any guidance that states how long these records should be kept for. Has anyone else developed a retention period for these? Or know of any guidance out there. The ICO Guidance for Consent just specifies they should be retained but does not state how long for Many thanks in advance Regards Sarah Norman To view the list archives go to: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.jiscmail.ac.uk_cgi-2Dbin_webadmin-3FA0-3DRECORDS-2DMANAGEMENT-2DUK&d=CwIGaQ&c=HmJinpA0me9MkKQ19xEDwK7irBsCvGfF6AWwfMZqono&r=hlY7XvDzlutScMUZv2FUgUm4xx54yhiT-WkOL-6WAlCnQYGc753dWS-_FLPxw8dm&m=wVycoPEAtRuLAXBCEX-FX5yNmtUq0M7h8vtZpNoB-_Q&s=gB8_YjK1U2CGYJs_HLdStfgyZIKfql9NIgzEDgIgDsE&e= To unsubscribe from this list, send an email to [log in to unmask] with the words UNSUBSCRIBE RECORDS-MANAGEMENT-UK For any technical queries re JISC please email [log in to unmask] For any content based queries, please email [log in to unmask] Securing the future... - Improving services - Enhancing quality of life - Making best use of public resources. The information in this email is solely for the intended recipients. If you are not an intended recipient, you must not disclose, copy, or distribute its contents or use them in any way: please advise the sender immediately and delete this email. Perth & Kinross Council, Culture Perth and Kinross and TACTRAN do not warrant that this email or any attachments are virus-free and does not accept any liability for any loss or damage resulting from any virus infection. Perth & Kinross Council may monitor or examine any emails received by its email system. The information contained in this email may not be the views of Perth & Kinross Council, Culture Perth and Kinross or TACTRAN. It is possible for email to be falsified and the sender cannot be held responsible for the integrity of the information contained in it. Requests to Perth & Kinross Council under the Freedom of Information (Scotland) Act should be directed to the Freedom of Information Team - email: [log in to unmask] General enquiries to Perth & Kinross Council should be made to [log in to unmask] or 01738 475000. General enquiries and requests under the Freedom of Information (Scotland) Act to Culture Perth and Kinross should be made to [log in to unmask] or 01738 444949 General enquiries to TACTRAN should be made to [log in to unmask] or 01738 475775. Securing the future... - Improving services - Enhancing quality of life - Making best use of public resources. To view the list archives go to: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.jiscmail.ac.uk_cgi-2Dbin_webadmin-3FA0-3DRECORDS-2DMANAGEMENT-2DUK&d=CwIGaQ&c=HmJinpA0me9MkKQ19xEDwK7irBsCvGfF6AWwfMZqono&r=hlY7XvDzlutScMUZv2FUgUm4xx54yhiT-WkOL-6WAlCnQYGc753dWS-_FLPxw8dm&m=wVycoPEAtRuLAXBCEX-FX5yNmtUq0M7h8vtZpNoB-_Q&s=gB8_YjK1U2CGYJs_HLdStfgyZIKfql9NIgzEDgIgDsE&e= To unsubscribe from this list, send an email to [log in to unmask] with the words UNSUBSCRIBE RECORDS-MANAGEMENT-UK For any technical queries re JISC please email [log in to unmask] For any content based queries, please email [log in to unmask] ---------------------------------------------------------------------- Please help to reduce waste and do not print this message unless you really need to. This message, including any attached files, is intended just for the use of the individual or organisation to whom it is addressed. Any opinions expressed are those of the sender, not Merton Council. Email is not secure, and the council accepts no responsibility for any inaccuracy, corruption or virus which has occurred during transmission. This email may be subject to monitoring in accordance with relevant legislation and may be disclosed in response to a request under the Freedom of Information Act 2000. The message may contain information that is confidential or sensitive; you should handle it accordingly. If you have received this email message in error, you must not copy, disclose or make any further use of the information contained within it. Please notify the system manager ([log in to unmask]) or the Head of Information Governance ([log in to unmask]), and delete the message. [log in to unmask] http://www.merton.gov.uk ----------------------------------------------------------------- To view the list archives go to: https://www.jiscmail.ac.uk/cgi-bin/webadmin?A0=RECORDS-MANAGEMENT-UK To unsubscribe from this list, send an email to [log in to unmask] with the words UNSUBSCRIBE RECORDS-MANAGEMENT-UK For any technical queries re JISC please email [log in to unmask] For any content based queries, please email [log in to unmask]