A FTSE250 Company Secretary writes...
In light of the fast approaching General Data Protection Regulation we are proposing to progress a housekeeping exercise on our electronic statutory records stored on Company Secretarial software (e.g. Coact). Are there any companies that have completed this already and are able to advise on how they approached this? Also, under our Document Retention Policy, we retain the Register of Directors and Secretaries and the Register of Members permanently and we were wondering if this in line with other companies? Is there any guidance on the retention of this data that is recommended, particularly in relation to dissolved/struck-off/ sold companies? Any advice on how companies are handling this would be appreciated.
We are a fintech FTSE250 and have taken a “broad brush” approach to data retention undr GDPR as follows, which covers all e files, physical records and third party systems such as Blueprint:
Each Group company will retain all records, books and data relating to its employees
and business operations for a period of 7 years with the exception of:
• 12 years for contracts (including employment contracts) and ancillary data relating to those contracts;
• 10 years for statutory books and records; and
• 10 years for all Swiss records;
Additional exceptions may be included once a review of relevant Asian jurisdictions have been completed.
The relevant retention period shall be determined by reference to:
• in the case of contracts and any associated data, from the date of termination
• in the case of statutory books and records, from the date of liquidation/dissolution of the company
• in the case of trade data, from the date it becomes obsolete
• in the case of any other data, from the date it was sent and/or created
Hope this helps