Africa Check has a responsibility to look after the personal data we collect, including information about our subscribers, employees, event attendees and people browsing our websites. As outlined in our Data Protection Policy, personal data will only be retained for as long as is necessary and destroyed or anonymised when no longer required.
Therefore, it is vital we maintain clear and specific policies and procedures in regard to the retention, archiving and destruction of personal data. Personal data can only be retained beyond the retention period outlined in this policy with the written approval of our Information Officer in line with the General Data Protection Regulation (GDPR).
Definitions
|
Archiving |
A process of moving data that is no longer actively used to a separate storage device for long-term retention. |
|
Data subject |
Any living person who is the subject of personal data (see below for the definition of personal data) held by an organisation. A data subject must be identifiable by name, ID, address, online identifier or other factors such as physical, physiological, genetic, mental, economic or social. |
|
Destruction |
The process of destroying data, either in hard copy or electronic format, so that it is completely unreadable and can no longer be accessed or used. |
|
Personal data |
Any information relating to a data subject. |
|
Retention |
The continued storage of data for compliance or operational reasons. |
Retention Policy
Africa Check will determine how long data is required and define the time periods for which personal data records should be retained, deleted or archived within the Retention Schedule of this document. If a category of personal data is not specified within this policy, the retention period will be deemed to be 5 years from the date of creation or acquisition. Africa Check will annually review the data we hold and update the Retention Schedule as appropriate.
Archiving Policy
Under GDPR, we can process personal data for archiving purposes beyond the stated retention period if doing so is in the public interest, or for historical, scientific or statistical purposes. We ensure that archiving does not contravene the rights and freedoms of data subjects and that appropriate technical and organisational safeguards are in place, such as data minimisation, pseudonymisation or encryption.
Destruction Policy
Africa Check oversees and documents the destruction of personal data in accordance with the Retention Schedule. The Information Security Policy & Procedures enforce a list of approved destruction methods.