Records Management and Data Quality Protocol

Title
Title
Title
Title
Version
Author
Next Review Date
Notes
V1 (February 2025)
Emma Kitcher, Data Protection Officer
February 2026
New Draft
V1.1 (April 2025)
Emma Kitcher, Data Protection Officer
April 2026
Added Section “Internal Communications”
V2 (October 2025)
Emma Kitcher, Data Protection Officer
October 2026
Annual review – no changes.
V3 (March 2026)
Caroline Oliver
October 2026
Added Holiday Club into policy

Contents

    INTRODUCTION.
    QUICK REFERENCE POINTS
    KEY DEFINITIONS
    SCOPE
    KEY LEGISLATION / FRAMEWORK
    MANAGING RECORDS
    THE RECORDS LIFECYCLE
    WHAT IS A RECORD?
    RECORD CREATION
    LOGS
    USE / STORAGE
    RETENTION
    DESTRUCTION
    DATA QUALITY
    INTERNAL COMMUNICATIONS
    APPLICATION AND AUDIT
    APPENDIX A: CREATING A SUMMARY HR RECORD
    APPENDIX b: KEY RECORDS RETENTION SCHEDULE
    APPENDIX C: PRAGMATIC ANNUAL RECORDS REVIEW

INTRODUCTION

This protocol supports staff to manage recording practice so that Hopscotch Nurseries and Holiday Clubs complies with the requirements of privacy law and observes the rights and freedoms of data subjects.
Whatever the purpose of the recording, it is essential that there is a systematic consideration of the rights of individuals and the security of the recording as personal data.
This protocol intends to support staff in recognising records and appropriate management of the records lifecycle and to encourage data quality across the organisation.
Effective records management allows Hopscotch Nurseries and Holiday Clubs to comply with their legal obligations in respect to transparency and privacy. Being able to locate and rely on records of operations and processing of Personal Confidential Information allows Hopscotch Nurseries and Holiday Clubs to be accountable and to operate more effectively.

QUICK REFERENCE POINTS

  • Keeping accurate, quality records provide evidence of the how Hopscotch Nurseries and Holiday Clubs operates
  • It allows Hopscotch Nurseries and Holiday Clubs to be effective and accountable
  • Keeping personal data for longer than its intended purpose (without suitable rationale) is unlawful
  • Staff must be aware of how they are required to create records – in the shared space or approved software
  • Staff must use and access records as defined by company policy including managing paper and digital records according to proper standards
  • Staff must use good naming conventions and version control to maintain effective record keeping
  • Offsite storage must be properly approved and tracked 

KEY DEFINITIONS

Personal Confidential Information            

This term is intended to cover information captured by the Data Protection Act 2018 / GDPR (identifiable information about the living), information covered by the Common Law Duty of Confidence / Tort of Misuse of Private Information and finally, information covered by Article 8 European Convention for Human Rights.

SCOPE

See Information Governance Policy for key roles.
All staff, whether management or administrative, who create, receive and use Personal Confidential Information have responsibilities to ensure management of the full records management lifecycle and the quality of records held by Hopscotch Nurseries and Holiday Clubs. Employees have a contractual and legal obligation to read and comply with all company policies and to attend mandatory training to support the appropriate management of information.

KEY LEGISLATION / FRAMEWORK

  • UK GDPR / Data Protection Act 2018
  • Human Rights Act 1998

MANAGING RECORDS

  • Information is a corporate asset and as such, is an important source of administrative, financial, legal, evidential and historical information.
  • It is vital to Hopscotch Nurseries’ and Holiday Clubs future operations, for the purposes of accountability and for an awareness and understanding of its history; information is the corporate memory of Hopscotch Nurseries and Holiday Clubs.
  • Information may be held on paper, USB sticks, computer file or printout, laptops, tablets, mobile phones or even heard by word of mouth or telephone.
  • This protocol provides general guidance about records management and data quality.
  • Without high standards of information quality, supported by systematic processes and practice, we cannot support the delivery of high-quality services and continue to improve.

THE RECORDS LIFECYCLE

  • The diagram below identifies the records management lifecycle, and each part of the lifecycle needs to be consistently managed to encourage high standards.

WHAT IS A RECORD?

  • A record is information that memorialises and provides evidence of activities performed, events occurred, results achieved, or statements made. Records are created/received by an organisation routinely in the process of its business or in pursuance of its legal obligations.
  • Records include accounts, agreements, books, drawings, letters, magnetic/optical disks, memos, micrographics, etc. Generally speaking, ‘records’ function as evidence of activities, whereas ‘documents’ function as evidence of intentions.
  • Some activity will be predefined as a record that needs to be kept, such as financial or employment records. Other records are kept because they are a unique instance of an event such as a business document or email.

RECORD CREATION

  • Records must be created within company systems or stored in the shared network
  • Records must not be stored in personal drives or mobile devices such as mobiles or memory sticks
  • The filing and naming of records should follow the Function-Activity-Transaction approach.
  • This means that the top-level folder would be named in line with the function, the second level named in line with the activity and the then in line with the transaction.
Example
Level 1 – Function – Human Resources
Level 2 – Activity – Recruitment
Level 3 – Transaction – Application Forms / Interview Sheets / Offer Letters
Naming of specific documents should follow a clear consistent method such as including the date of creation or activity, the title and the version.
Example
20180129 Emma Cooper Application Form v1

LOGS

  • Hopscotch Nurseries and Holiday Clubs will maintain a list of all systems (digital and electronic) that hold records including the type of records they hold (staff, service users etc).
  • The list will identify whether the records within the system are classified as containing personal or special category data.
  • Access to record keeping systems will be limited to staff with a legitimate reason to access those records.
  • Hopscotch Nurseries and Holiday Clubs will undertake regular checks to ensure that records containing personal data are accurate, adequate and not excessive.

USE / STORAGE

Paper Records

  • In order to establish the authenticity of paper records, the records must be held in a way that allows Hopscotch Nurseries and Holiday Clubs to audit who has accessed it.
  • Paper records must be kept in a safe, dry and secure location
  • If paper records are being kept in off-site storage, they must be fully tracked so that Hopscotch Nurseries and Holiday Clubs are fully aware of the location of records at all times
  • Offsite storage providers must be approved by the DPO

Digital Records

  • Digital information must be stored in such a way that throughout the lifecycle it can be recovered in an accessible format
  • Systems for storing digital records must provide information about those who have accessed the record.
  • When using a digital record being within the shared network such as a Word or Excel document, care must be given to providing ‘metadata’
  • This will include identifying the author, version, changes made, owner of the document
  • All information relating to a specific record must be stored together. For example, email messages related to a specific recruitment campaign must be stored in the network Recruitment folder alongside the Application Form and Interview Sheet.
  • Hyperlinks or embedded documents must still work when the document is transferred to different media or later versions
  • Occupational Health records should not be held with the main employee record

RETENTION

  • Once a record is no longer being used for its primary purpose, it should be appraised to consider whether and if so, how long, it should be retained by Hopscotch Nurseries and Holiday Clubs.
  • Retaining records for longer than the intended purpose in identifiable form and without an alternative lawful basis is a breach of Data Protection legislation
  • Hopscotch Nurseries and Holiday Clubs uses the National Archives guidance to assign retention periods. Some key records and their retention periods have been identified at Appendix C.
  • Staff should have access to a list of key records and their retention periods for that particular department. If you do not have this, please contact the DPO
  • Where the record is being retained, there should be a documented consideration of whether the information could be de-identified (direct or indirect identifiers removed) to reduce the risk of an information breach
  • Each year, a records management review should be performed to ensure that records are not being kept on personal drives and are not being kept for too long. A guidance document has been provided at Appendix D.

DESTRUCTION

Paper Records

  • Paper records can be incinerated, pulped or shredded (using a crosscut shredder) under confidential conditions.
  • National guidelines provide that confidential records must be shredded to no larger than 4mm x 15mm micro cross-cut to destroy sensitive data
  • Do not use the domestic waste or put them on a rubbish tip, because they remain accessible to anyone who finds them.
  • Destruction implies a permanent action so records cannot be retrieved.
  • Staff must keep accurate records of destruction and appraisal decisions.

Electronic Records

  • Destruction of hard assets, like computers and hard drives and backup tapes, must be auditable in respect of the information they hold.
  • An electronic records management system will retain a metadata stub which will show what has been destroyed.
  • The Information Commissioners Office has indicated that if information is deleted from a live environment (but remains in back up) and cannot be readily accessed then this will suffice to remove information for the purposes of the Data Protection Legislation.

DATA QUALITY

  • It is understood that errors and inaccuracies will occur in Information.
  • Systems, process and analysis during the lifecycle of the information need to identify the causes of any errors, the relevant margin of error introduced into any subsequent use of the Information and the appropriate action taken.
  • This includes understanding the context of any Information or data set, to ensure that “outliers”, results that fall outside expected ranges, are investigated to determine if there are any resulting Information Quality concerns.
  • It is important to determine and maintain a view of expected ranges of information to support the principles of Information Quality.
  • A Data Protection Impact Assessment should be completed for new processing activities to determine how data quality will be maintained
  • Information Asset Owners should determine and document the specific data quality measures in place for the Information Asset
  • Information coming into Hopscotch Nurseries must be checked for accuracy and completeness
  • Where incomplete, records should be returned to the sending organisation and the issues flagged with the appropriate lead
  • Manual quality checks should be completed on correspondence containing Personal Confidential Information
  • Systems should have the capacity to run data quality reports to identify duplications or incomplete records
  • Procurement of systems should include built in measures to maintain data quality such as reduction of free text boxes and the use of drop-down lists
  • Integration with other systems should consider data validation and the potential for errors requiring manual intervention
  • Data Quality audits must be completed regularly and the results reporting into the Data Protection Lead
  • Where errors are identified, appropriate mitigation is required. This includes correction, where relevant, analysis of process and appropriate action, and ongoing monitoring.
  • Understanding the cause of error and its likely consequence are a key component of improving Information Quality or managing issues that cannot be addressed through appropriate controls.

INTERNAL COMMUNICATIONS

  • All written internal communications, including emails, instant messages (e.g. Microsoft Teams, and in some cases WhatsApp), and collaborative notes may be disclosable in the event of a Subject Access Request (SAR). This applies even where the content is informal or written in a private or personal tone.
  • The organisation recognises that not all communications form part of our corporate memory and need to be retained. Routine deletion of non-essential messages is both permissible and encouraged, provided this occurs in accordance with our retention schedule and not in response to a specific request for information.
  • Once a SAR has been received, it is a criminal offence under section 173 of the Data Protection Act 2018 to delete, conceal, or alter personal data with the intent of preventing disclosure. All relevant records, including those stored in email or chat platforms, must be preserved from that point forward.
  • Staff should avoid using communication channels to share views or commentary about colleagues, performance issues, or sensitive matters. Even private messages may be within scope of a SAR and could lead to reputational, legal, or interpersonal difficulties if disclosed.
  • The organisation reserves the right to audit compliance with retention and deletion practices. Where necessary, staff may be asked to review and reduce non-essential digital communications in accordance with data minimisation principles.

APPLICATION AND AUDIT

Compliance with this protocol will be audited and the results fed into the Plan, Do, Check, Act Cycle described in the Information Risk and Audit Protocol.
  • Staff must confirm that they have read and understood this protocol
  • This protocol will be reviewed annually or sooner in the event of significant learning or change
  • This protocol should be read in conjunction with the other protocols in the Data Protection and Security policy suite

APPENDIX A: CREATING A SUMMARY HR RECORD

The National Archives provides  guidelines  around the retention periods for different records within the personnel file of staff members.
HMRC makes a general recommendation relating to the retention of payroll data however, new requirements mean that documents that had a bearing on pension entitlement should generally be kept for 100 years from date of birth.
Medical or occupational health records should be filed as a separate sub-set of individual personal files to allow for separate retention, if necessary.
The guidance below serves to simplify the NA guidelines so that there are 3 main actions to be taken 6 years after a staff member has left Hopscotch Nurseries, when a summary is being made;
    Delete / Destroy the data (this is because it has either hit or exceeded its retention period. There are some documents which might have a shorter retention period however, it is disproportionate to expect personnel files to be reviewed each year to identify specific documents for destruction. Instead, the 6-year review allows for a group of documents to be deleted together as a proportionate response, reducing risks to the rights and freedoms of employees.)
    Retain the document as a record itself (this is mostly for records that are required to be retained until the person is either 75 or 100 years old. Some files will be reviewed again when the person is 75 and a final deletion will be made when the person is 100)
    Make summary notes and delete/ destroy the original. It is recommended that a summary sheet is added to the front of the summary record for notes made relating to these records.
At the 6-year review, the following actions may be taking against each type of record;
Title
Title
Title
Record
Action at 6-year review
Next review and delete
Written particulars of employment Contracts of employment, including the Certificate of Qualification or its equivalent and including the Senior Civil Service Changes to terms and conditions, including change of hours letters
Retain documents as part of summary
Aged 100
Job History - consolidated record of whole career and location details (paper or electronic)
Retain documents as part of summary
Aged 100
Current address details
Delete / Destroy
NA
Record of location of overseas service
Retain documents as part of summary
Aged 100
Variation of hours - calculation formula for individual
Delete / Destroy
NA
Promotion, temporary promotion and/or substitution documentation
Make summary note and delete / destroy associated documents
NA
Working Time Directive opt out forms
Delete / Destroy
NA
Record of previous service dates
Make summary note and delete / destroy associated documents
NA
Previous service supporting papers
Make summary note and delete / destroy associated documents
NA
Qualifications/references
Delete / Destroy
NA
Transfer documents (OGD E18)
Make summary note and delete / destroy associated documents
NA
Annual/Assessment reports or summary of performance marks where an open reporting system operates
Delete / Destroy
NA
Annual/Assessment reports for the last five years of service or summary of performance marks where an open reporting system operates
Retain documents as part of summary
Aged 100
Training history
Delete / Destroy
NA
Travel and subsistence - claims and authorisation
Delete / Destroy
NA
Annual leave records (dependent on departmental practice)
Delete / Destroy
NA
Job applications – internal
Delete / Destroy
NA
Recruitment, appointment and/or promotion board selection papers
Delete / Destroy
NA
Building society references
Delete / Destroy
NA
Health Declaration
Retain documents as part of summary
Aged 100
Health referrals, including: Medical reports from doctors and consultants Correspondence with the appointed medical adviser to the PCSPS (currently BMI Health Services and, previous to that body, the Occupational Health and Safety Agency Ltd, the Civil Service Occupational Health Service or the Medical Advisory Service (MAS))
Retain documents as part of summary
Aged 100
Papers relating to any injury on duty
Retain documents as part of summary
Aged 100
Medical reports of those exposed to a substance hazardous to health, including: Lead (Control of Lead at Work Regulations 1980) 40 years from date at which entry was made Asbestos (Control of Asbestos at Work Regulations 1996) 40 years after last record Compressed Air (Work in Compressed Air Regulations 1996) 40 years from date of last entry Radiation (Ionising Radiation Regulations 1985)
Retain documents as part of summary
Aged 100
Medical/Self Certificates – unrelated to industrial injury
Delete / Destroy
NA
Welfare papers
as long as it has been 6 years since last action - Delete / Destroy
NA
Security personnel files
Retain documents as part of summary
Aged 100
Bank details - current
Delete / Destroy
NA
Death Benefit Nomination and Revocation Forms
Retain documents as part of summary
Aged 100
Death certificates (original)
Send back to Provider
NA
Death Certificates (copy)
Retain documents as part of summary
Aged 100
Decree Absolutes (original)
Send back to Provider
NA
Decree Absolutes (copy)
Retain documents as part of summary
Aged 100
Housing advance
as long as it has been repaid - Delete / destroy
NA
Marriage certificate and documentation relating to civil registration (original)
Send back to Provider
NA
Marriage certificate and documentation relating to civil registration (copy)
Retain documents as part of summary
Aged 100
Unpaid leave periods (such as maternity leave)
Retain documents as part of summary
Aged 100
Statutory maternity pay documents
Delete / Destroy
NA
Other maternity pay documentation
Delete / Destroy
NA
Overpayment documentation
as long as it has been repaid - Delete / destroy
NA
Personal payroll history, including record of pay, performance pay, overtime pay, allowances, pay enhancements, other taxable allowances, payment for untaken leave, reduced pay, no pay, maternity leave
Retain documents as part of summary
Aged 100
Pensions estimates and awards
Retain documents as part of summary
Aged 100
Record of: Full name and date of birth National Insurance number Pensionable pay at leaving Reckonable service for pension purposes (and actual service where this is different, together with reasons for the difference) Reason for leaving and new employer’s name (where known) Amount and destination of any transfer value paid Amount of any refund of PCSPS contributions Amount and date of any Contributions Equivalent Premium paid All other papers relating to pensionability not listed above (such as papers about pensionability of other employment (including war service); extension of service papers; papers about widow’s, widower’s, children’s and other dependant’s pensions;correspondence with the Cabinet Office, otherdepartments and pension administrators, or theofficer and his/her representatives (MPs,unions or others) about pension matters
Retain documents as part of summary
Aged 100
Resignation, termination and/or retirement letters
Retain documents as part of summary
Aged 100
Pension and Pay
Added years (pension and pay)
Retain documents as part of summary
Aged 100
Additional Voluntary Contributions (AVC)
Retain documents as part of summary
Aged 100
Payroll input forms
Delete / Destroy
NA
Bonus nominations
Delete / Destroy
NA
Complete sick absence record showing dates and causes of sick leave
Retain documents as part of summary
Aged 72
Statutory Sick Pay (SSP) forms
Retain documents as part of summary
Aged 100
Papers relating to disciplinary action which has resulted in any changes to terms and conditions of service, salary, performance pay or allowances
Retain documents as part of summary
Aged 72
Authorisation for deputising, substitution allowance and/or overtime/travel time claim
Delete / Destroy
NA
Advances for: Season tickets Car parking Bicycles Christmas/holidays Housing
As long as it has been repaid - Delete / destroy
NA

For any questions or concerns related to this document, please speak with your Data Protection Officer.

APPENDIX b: KEY RECORDS RETENTION SCHEDULE

Title
Title
Record
Retention Schedule
Incidents
Serious 20 yrsNot serious 10 yrs
Complaints
10 years
Application Forms / CVs
(suggestion) Retained for no more than 7 months unless consent obtained
Payroll
7 Years
Pension
Minimum of six years (except for records of opt-outs which they must keep for four years) in line with Pension Regulator Guidance
Personnel File
See Appendix B
CCTV
28 days to 3 months then record over (for longer retention, speak with DPO)
Telephone Recordings
28 days to 3 months then record over (for longer retention, speak with DPO)
DBS Records
Retain code and destroy certificate

APPENDIX C: PRAGMATIC ANNUAL RECORDS REVIEW

The following are some suggested actions that can be undertaken annually in an attempt to minimise the risk posed through inappropriate retention of records or poor records management.

Staff email requesting written confirmation regarding their personal accountability.

Good Morning,
We are undertaking our annual records management audit and we appreciate your input
  • Please confirm that any records are stored within the shared drive or on the software system and not in your individual or laptop drives (good practice to obtain email confirmation from each staff member)
  • Please confirm that you have moved personal data related to families from your email folders into the shared drive to form part of the corporate memory

Undertake a review of the contents of the shared drive and filing cabinets.

Review should identify;
  • Any records related to incidents that are older than 10 years
  • Any records related to serious incidents that are older than 20 years
  • Any records related to complaints that are older than 10 years
  • Any application forms or CVs that are older than 7 months (including in inboxes) – for unsuccessful candidates
  • Any records related to payroll activity that are older than 7 years (only where employee has left
  • There are no full personnel files that are older than 6 years (once person has left) providing a review and summary has been made
  • There are no Disclosure and Barring Certificates retained (only the reference number should be retained)