Document Retention and Destruction Policy

Introduction

I, Ryan Jarvis, trading as Ryan Jarvis Law®, am committed to complying with the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR), and good practice guidance from the Law Society, CILEx Regulation, and the Information Commissioner’s Office (ICO). This policy outlines the procedures for retaining and securely destroying documents to ensure the protection of personal data and compliance with legal and regulatory requirements.

Scope

This policy applies to all employees, consultants, and contractors of Ryan Jarvis Law®. It covers all documents and records, regardless of format (paper or electronic), that are created, received, or maintained by the firm in the course of its operations.

Objectives

  • To ensure the proper retention of documents in compliance with legal, regulatory, and business requirements.

  • To safeguard personal data and other sensitive information.

  • To ensure the secure destruction of documents that are no longer needed.

  • To protect the firm from legal and regulatory risks associated with improper document management.

Document Retention

Retention Periods

Documents will be retained for the period required by law, regulation, or business needs. The following retention periods apply:

  • Client Files: Retain for at least 6 years from the conclusion of the matter.

  • Financial Records: Retain for at least 6 years from the end of the financial year to which they relate.

  • Personnel Records: Retain for the duration of employment plus 6 years.

  • AML Records: Retain for at least 5 years from the end of the business relationship or transaction.

  • Correspondence and Emails: Retain in line with the relevant file or matter to which they relate.

  • Contracts and Agreements: Retain for at least 6 years from the end of the contract term.

Exceptions

Exceptions to the standard retention periods may apply in the following cases:

  • Litigation: If the document is relevant to ongoing or anticipated litigation, it will be retained until the matter is resolved.

  • Regulatory Requirements: If specific retention periods are mandated by regulators, those periods will take precedence.

  • Client Agreements: If a longer retention period is agreed upon with a client, that period will be followed.

Regular Review

A regular review of stored documents will be conducted to identify records that are eligible for destruction. This review will be conducted annually.

Document Destruction

Secure Destruction Methods

Documents that are no longer needed and have met their retention period will be securely destroyed. The following methods will be used:

  • Paper Documents: Shredding using a cross-cut shredder or professional shredding service.

  • Electronic Records: Deletion using secure deletion software that ensures data cannot be recovered.

  • Storage Media: Physical destruction of storage media (e.g., CDs, USB drives) to ensure data cannot be retrieved.

Documentation of Destruction

A record of the destruction of documents will be maintained, including:

  • Description of the documents destroyed.

  • Date of destruction.

  • Method of destruction.

  • Authorisation for destruction.

Data Protection Compliance

Data Subject Rights

All document retention and destruction activities will respect the rights of data subjects, including:

  • Right of Access: Ensuring that retained documents are accessible for subject access requests.

  • Right to Erasure: Considering data subjects' requests for erasure in accordance with GDPR.

  • Right to Rectification: Ensuring that retained documents are accurate and up-to-date.

Data Security

Appropriate technical and organisational measures will be implemented to protect retained documents from unauthorised access, loss, or damage. These measures include:

  • Secure storage facilities for paper documents.

  • Encryption and access controls for electronic records.

  • Regular audits of document security practices.

Training and Awareness

All staff will receive training on this Document Retention and Destruction Policy, including:

  • The importance of proper document retention and secure destruction.

  • Procedures for identifying and handling documents for destruction.

  • Data protection requirements and the rights of data subjects.

Review and Updates

This policy will be reviewed annually or when there are significant changes in relevant legislation or guidance. Updates will be communicated to all staff, and additional training will be provided if necessary.

Contact Information

If you have any questions about this Document Retention and Destruction Policy, please contact:

Ryan Jarvis

Ryan Jarvis Law®
Postal Point 428
Manchester
M8 2FS

Email: ryan.jarvis@ryanjarvis.law

Phone: 0161 528 9071

This Document Retention and Destruction Policy was last updated on 25th May 2024.

Previous

Conflict of Interest Policy
Next

Equality and Diversity Policy