The General Data Protection Regulation (GDPR) requires us to keep personal data for no longer than necessary. The Regulation itself states Personal Data must be:
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’).
Source: Article 5(1)(e), GDPR.
The University’s Records Retention Schedules set out how long we keep the information we hold. These schedules recognise the laws, regulations, codes, and policies governing how long records should be kept and take into account our business needs too.
For further guidance on disposing of records in accordance with the schedules see the University’s Records Management Policy and associated records and data management guides. Specific questions on records retention should be directed to the University's Records Manager.