Rank: Forum user 
|
Hello fellow IOSH members. I work part time for a leisure centre trust and we are updating our data retention policies in preparation for GDPR regulations. What retention times are other organisations adapting for incident records? Any reasons for extending the 3 year limit other than if a claim is made during that period?
Many Thanks Ann
|
|
|
|
|
|
Rank: Forum user
|
I had a meeting regarding our GDPR regs yesterday.
We keep our paper records for 3 years, but we also log all accident/incidents on a spreadsheet. We will probably keep the spreadsheet indefinitely or archive as we go along (although no real reason too).
The only reason I can think of keeping the information is so that stats/trends can be taken from them so we can see if we are improving year on year.
|
|
|
|
|
|
Rank: Super forum user
|
while many companies will keep for 3 years (or longer if IP under the age of 18) it may be worth discussing with your insurance company to see if there are any requirements for a longer period. I know you not asking about this, but remember health surveillance or other medical assessments may be needed for 40years + depending on legal requirements
|
|
|
|
|
|
Rank: Forum user
|
end of employment of individual + waiting time. If any issues with person such as suspect claims, be inclined to store longer - 10years + after end of employment. if relate to potential condition, suggest consider whether up to 40 year limit as for occupational health and associated stuff. look at/consider differential based on severity of incident so that you can store for less significant one to timescale a, and more significant ones on a case by case basis, with review or mechanism to vary away from the Policy.
|
 1 user thanked Stuart Smiles for this useful post.
|
|
|
|
Rank: Forum user
|
I checked with our insurers and they want incident reports etc keeping for up to 8 years - i.e. person reaches age of 21 + 3 years (many are only 16 now). I thought I was being cautious hanging onto them for 5...glad I asked before I shredded/deleted them!
|
|
|
|
|
|
Rank: Super forum user 
|
Originally Posted by: lorna  I checked with our insurers and they want incident reports etc keeping for up to 8 years - i.e. person reaches age of 21 + 3 years (many are only 16 now). I thought I was being cautious hanging onto them for 5...glad I asked before I shredded/deleted them!
Having worked as an insurance surveyor from 1997 to 2017 the standard advice was to keep for 5 years - I have no idea why insurers are now quoting 8 years - that does seem a bit OTT. Of course if the incident involved chemicals then I suppose the COSHH regulations would apply and you would need to keep them longer. Lorna did your insurer give you any reason why they were specifying a retention time of 8years?
|
|
|
|
|
|
Rank: Forum user
|
I thought it was 3 years after they reached 18 (i.e. became an adult) but the insurer was quite insistent that it was 21 + 3. As most of our reported injuries requrie little more than a plaster or an ice-pack, it does seem rather OTT to me too!
|
|
|
|
|
|
Rank: Forum user
|
Lorna, Your insurer may have contractual claims in mind where the limitation period is 6 years, as well as personal injury claims where the limitation period is 3 years (after the IP's 18th birthday if he/she is a child). A key requirement of the GDPR is that you only collect the mimimum amount of data necessary and keep it for the minimum period. It might be a defence that you are following insurers instructions but I would seek that requirement from your insurer in writing (an email will do as long as it can be accessed in the future).
I hope this helps. DJ
|
|
|
|
|
|
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.