The ICO exists to empower you through information.

Control measure: Electronic records are disposed of in line with the retention schedule.

Risk: If the disposal of electronic records is not planned in the retention schedule, information may be accidentally retained for too long. This may breach UK GDPR articles 5(1)(e-f) and 32.

Ways to meet our expectations:

  • Delete electronic records containing personal information permanently in line with the retention schedule.
  • Where system functionality prevents deletion, move electronic records out of reach and restrict access to them.
  • Obtain and log management approval prior to deleting records.
  • Have a process to delete emails in line with the retention schedule.
  • Report failure to delete electronic records in line with the retention schedule as an incident and take appropriate action.

Options to consider:

  • Delete electronic records in archives, recycle bins, and back-ups.
  • Use built-in system retention periods to purge electronic records and emails automatically once the retention period has expired.


Control measure: Electronic records are destroyed using appropriate methods that prevent disclosure before, during, and after disposal.

Risk: If personal information in electronic records is not destroyed securely, it may be recoverable. This may breach UK GDPR articles 5(1)(f) and 32.

Ways to meet our expectations:

  • Use and document secure disposal methods (eg device wiping, degaussing, or hardware shredding).
  • Store electronic devices or hardware awaiting destruction securely (eg in a locked area with restricted access).
  • Keep a log of all devices awaiting destruction and their location.

Options to consider:

  • Maintain an access log to show who has accessed electronic devices awaiting destruction.
  • Check areas with devices awaiting destruction on site walks.
  • Use a third-party secure hardware destruction provider.


Control measure: Physical records are disposed of in line with the retention schedule.

Risk: If the disposal of physical records is not planned in the retention schedule, information may be accidentally retained for too long. This may breach UK GDPR articles 5(1)(e-f) and 32.

Ways to meet our expectations:

  • Destroy physical records containing personal information permanently in line with the retention schedule.
  • Destroy records held in record archives, satellite locations, or by third-party storage providers.
  • Obtain and log management approval prior to destroying records.
  • Report failure to destroy physical records in line with the retention schedule as an incident and take appropriate action.

Options to consider:

  • Keep a checklist in each team or department showing how long to keep each record for, when the retention period was last checked, and by whom.


Control measure: Physical records are destroyed using appropriate methods that prevent disclosure before, during, and after disposal.

Risk: If physical records are not destroyed securely, personal information may be recoverable. This may breach UK GDPR articles 5(1)(f) and 32.

Ways to meet our expectations:

  • Use and document secure disposal methods (eg cross-cut or micro-cut shredding).
  • Store physical records awaiting destruction securely (eg in a locked area with restricted access).
  • Keep a log of all physical records awaiting destruction and their locations.

Options to consider:

  • Use secure confidential waste bins.
  • Check areas with physical records awaiting destruction on site walks.
  • Use a third-party secure shredding or incineration provider.


Control measure: Appropriate contracts are in place with all third parties used to dispose of personal information.

Risk: If disposal is not appropriately controlled, personal information may be used or disclosed inappropriately by third parties. This may breach UK GDPR articles 5(1)(f) and 32.

Ways to meet our expectations:

  • Ensure contracts are signed by an appropriate senior manager.
  • Ensure contracts include all required clauses and details, including security measures, accountability, and your right to audit providers.

Options to consider:

  • Schedule annual visits to third-party records storage providers as part of relationship management processes.
  • Ensure contracts are timebound and reviewed regularly.


Control measure: Evidence of secure disposal is obtained from third parties used to dispose of personal information.

Risk: If evidence is not obtained, personal information may not be secure during disposal or not disposed of at all. This may breach UK GDPR article 5(2).

Ways to meet our expectations:

  • Check periodically that the security of third-party services is to the agreed standard.
  • Assign a staff member to check that destruction certificates match what you sent for destruction.

Options to consider:

  • Store electronic confirmations of destruction in a dedicated folder or email inbox.