A retention and disposal schedule describes the business that is done by an organisation and identifies classes of information created, received and used in pursuit of that business.
Retention and disposal practices have come under the spotlight because of high-profile data breaches involving customer data. This has led to more clients coming to us to help design retention and disposal schedules and implementation plans that can be applied to information and data in all forms.
A retention and disposal schedule authorises minimum retention periods and disposal actions that may be carried out for specified classes of information, such as deletion or de-identification.
Understand how long information and data needs to be retained
Destroy/delete information and data which have reached their minimum retention period
Reduce the risk/severity of a data breach by not over-retaining information and data
elevenM will work with you to build a retention and disposal schedule. The steps below are the typical order in which the schedule is created.
Any organisation that collects personal or sensitive information, or information with associated legal or regulatory requirements, should have a Retention and Disposal Schedule, to ensure they are meeting their regulatory obligations
We work with every organisation individually to tailor our work to your needs.