Data Retention Policy

Registered as a Charitable Incorporated Organisation with the Charity Commission No 1158593.


Key details


This policy sets out how Hertfordshire Community Nurses’ Charity (HCNC) will approach data retention and establishes processes to ensure we do not hold data for longer than is necessary.

It forms part of HCNC’s Data Protection Policy.

Roles and responsibilities

HCNC is the Data Controller and the Trustees are Data Controllers in common. They will determine what data is collected, retained and how it is used. The person responsible for  Data Protection for HCNC is Helen Hanbury. She, together with the Trustees are responsible for the secure and fair retention and use of data by HCNC. Any questions relating to data retention or use of data should be directed to the Data Protection Officer.

Regular Data Review

A regular review of all data will take place to establish if HCNC still has good reason to keep and use the data held at the time of the review.

As a general rule a data review will be held about 2 years after the last review. The first review took place on September 16, 2018.

Data to be reviewed

Who the review will be conducted by

The review will be conducted by the person responsible for Data Protection for HCNC along with other Trustees to be decided on at the time of the review.

How data will be deleted


The following criteria will be used to make a decision about what data to keep and what to delete.

Question Action
Yes No
Is the data stored securely? No action necessary Update storage protocol in line with Data Protection policy
Does the original reason for having the data still apply? Continue to use Delete or remove data
Is the data being used for its original intention? Continue to use Either delete/remove or record lawful basis for use and get consent if necessary
Is there a statutory requirement to keep the data? Continue to use Delete or remove the data unless we have reason to keep the data under other criteria.
Is the data accurate? Keep the data at least until the statutory minimum no longer applies Ask the subject to confirm/update details
Can the data be anonymised? Anonymise data Continue to use

Statutory Requirements

Data stored by HCNC may be retained based in statutory requirements for storing data other than data protection regulations. This might include but is not limited to:

Other data retention procedures

Trustee data

Freelancer data

Data held by individual Trustees

Other data