The purpose and requirements for keeping the data
<SCHOOL NAME> is committed to the protection and security of all data it is required to keep – in some cases this may be beyond a pupil’s, staff member’s or governor’s tenancy at the school. In light of this, <SCHOOL NAME> is required to keep a digital continuity statement pertaining to computerised data that must be kept for six or more years.
Should the school fail to retain this data, legal action may result in financial penalisation and/or negative press; it is for this reason that the school will retain relevant data for as long as it is required.
The school understands the sensitivity of some data it is required to keep and ensures measures are in place to secure this data, in accordance with the school’s Data Protection Policy and the GDPR.
To ensure the safety of the data and records, <SCHOOL NAME> will not store any data on flash drives (memory sticks). <SCHOOL NAME> understands the importance and sensitivity of some data and sees the use of flash drives as inappropriate due to the fact they can be easy to corrupt, lose or steal. Data will be stored on password protected external hard drives.
Data retention will be overseen by the following personnel:
Should the any of the above personnel change, appropriate updates will be made to this and other affected policies and correspondence.
As agreed with the ICT technician, Microsoft Word documents will be converted into PDF files, to ensure the longevity of their accessibility – file formats should be converted as soon as possible, or within six months, to ensure their compatibility. Further specifications of file conversion are listed below:
Microsoft Word document PDF
Microsoft PowerPoint document PDF
Microsoft Excel document PDF
Videos and film, including CCTV MOV/MP4
If it is not possible for the data created by an unsupported computer system to be converted to the supported file formats, the system itself should be ‘mothballed’ to preserve the files it has stored. If this is the case with any data, <SCHOOL NAME> will list the complete system specification for the software that has been used and any licence information which will allow the system to be retained in its entirety.
Data will be stored on password protected external hard drives, which will be kept in a locked filing cabinet – only the information asset owners and the Headteacher will have knowledge of these passwords
To ensure the data’s relevance to the school, and that recent files have been correctly converted, information asset owners (SBM/Headteacher/SENCO/DSL) will undertake regular archive checks of the data – timeframes are listed in the table below. In accordance with principle five of the GDPR, personal data should be “kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed”. <SCHOOL NAME> is committed to ensuring all data is checked regularly to ensure its relevance.
Biannually – Relevance check
Annually – Compatibility check and, if required, back-up files created
At the end of the data’s lifecycle (at least every six years) – Check to ensure data is securely disposed of