• 1. Purpose
• 2. Scope
• 3. Definitions
• 4. Policy Statement
• 5. Roles and Responsibilities
• 6. Policy Detail and Procedures
• 6.1 Retention Schedule
• 6.2 Archiving Standards
• 6.3 Deletion Procedures
• 6.4 Data Minimisation and Duplication
• 7. Related Policies and References
• 8. Compliance and Breach Handling
• 9. Review and Version Control
• 10. Approval Record

1. Purpose

This policy sets out how the Western Equestrian Society (WES) retains, reviews, and securely disposes of records and personal data. It supports compliance with UK GDPR, meets legal obligations, and ensures that WES holds only what it needs.

The goal is to maintain data that is useful, lawful, and proportionate to our activities, while archiving or deleting older records in a secure, structured, and justifiable way.

2. Scope

This policy applies to all digital and physical data held by WES, including membership and contact records; event and clinic registrations; financial and transaction data; Council documentation; safeguarding, disciplinary, and complaints files; marketing or mailing list data; and shared drive and archived folders. It applies to all Officers, Council members, and authorised volunteers managing or storing Society records.

3. Definitions

• Retention Period: The minimum or maximum time a record is kept before being reviewed, archived, or deleted
• Archiving: Moving a document out of active use but retaining it securely for compliance, governance, or historical value
• Deletion: Permanent removal of a document or data record
• Personal Data: Any information relating to an identifiable living person

4. Policy Statement

WES will only retain personal data and documents for as long as there is a clear operational, legal, or governance need. Where retention is no longer necessary, records will be securely deleted or archived. The Secretary is responsible for ensuring that retention periods are adhered to, documented, and reviewed annually.

5. Roles and Responsibilities

6. Policy Detail and Procedures

6.1 Retention Schedule

WES will follow the retention periods below unless a legal or operational reason exists to extend them:

6.2 Archiving Standards

• Archived documents must be clearly labelled and stored in the _Archive subfolder within the relevant data room category
• Archived files must not be edited without restoring to the active folder and documenting the change
• The Secretary will conduct an annual archive check and remove expired records

6.3 Deletion Procedures

• Deletion will be permanent and irretrievable
• Physical documents will be shredded or securely destroyed
• Digital deletions must be confirmed by the responsible Officer and logged by the Secretary where personal data is involved

6.4 Data Minimisation and Duplication

• WES Officers must avoid holding multiple copies of the same file in different locations
• Personal data should not be retained in email or informal spreadsheets once the official source record is available
• The use of shared drives is encouraged to prevent shadow storage or version loss

7. Related Policies and References

• Data Protection (GDPR) Policy (WES-POL-0014)
• Subject Access Request Procedure (WES-POL-0015)
• Financial Controls Policy
• WES Retention Schedule and Archive Log (Templates and Tools folder)

8. Compliance and Breach Handling

Failure to follow this policy may result in over-retention of personal data in breach of UK GDPR, loss of records required for governance or audit, or inadvertent disclosure through poor archiving or deletion practices. Breaches must be reported to the Secretary. Repeated non-compliance may result in a review of access permissions or escalation through the Disciplinary Procedure.

9. Review and Version Control

10. Approval Record