GDPR Retention Policy
Policy regulating the retention of documentation within the GWU
Scope
This Policy is aimed at regulating the retention, maintenance and disposal of documentation, both personal and other, within the General Workers Union, as provided for in the General Data Protection Regulation (EU) 2016/679 (GDPR), and in accordance with the principles of data protection legislation, and other legal provisions in Maltese Law.
Background
The GDPR puts forward the principle that personal data and sensitive personal data should not be retained for periods that are longer than necessary. In this context, the General Workers Union will be putting forward a retention policy for all data and documentation that it collects and processes, with the purpose of ensuring compliance to the Regulation and to ensure that no resources are utilised in the processing and archiving of data which is no longer of relevance.
Objectives
This policy aims to achieve the following objectives:
Regulate the retention of and disposal of the various types of documentation whether held in manual or automated filing systems within the General Workers Union, while adhering to the Data Protection principle that personal data should not be retained for a longer period than necessary.
Dispose of unnecessary documentation that is no longer relevant and is taking up useful storage space.
Promote the digitisation of documentation as may be reasonably possible to minimize the use of storage space required to store the required documentation, as well as to promote a sustainable use of paper and printing consumables.
Administration
Documentation is held and recorded by the Human Resources and Membership departments within the GWU. This Policy is therefore applicable to all such documentation. It will be the responsibility of the Data Protection Officer of the GWU to ensure that all provisions of this Policy are adhered to.
Documentation held within the General Workers’ Union
As part of its core operating requirements the General Workers Union, requests, keeps and maintains a wide range of documentation which may include personal data. The various types of documentation utilised by the GWU may be categorised as follows:
Human Resources Department
Personal Data of GWU employees
Attendance and absence records
Yearly leave records
Financial records including payslips, tax, and National Insurance contributions
Sick leave and medical records
Other related records
Membership Department
Personal data of members
Membership records
Resignation records
Bank Standing Orders records
Financial records including payments and statements
Companies and Organisations information whose employees are affiliated with the GWU
Other related/relevant information
Security of Documentation
Documentation is maintained in an accessible but secure location with adequate access provided to officials who have the clearance level to access the relevant documentation. In the case of documents with sensitive personal data with higher clearance levels, access control protocols are fully adhered to, to ensure that only those that have the required security clearance can access to such documentation.
In the case of personal data, the GDPR also stipulates that only those required to process personal data should have access to personal records.
Personnel who are found to be in breach of these security protocols, and thus in breach of the GDPR, will be subject to disciplinary action.
Manual vs Electronic Records
| Category | Manual/Eletronic |
| Members’ Personal Information | |
| Membership application forms | Manual & Electronic |
| Membership records | Manual |
| Resignation records | Manual & Electronic |
| Bank Standing Orders records | Manual |
| Financial records including payments and statements | Manual & Electronic |
| Employees’ Personal Information | |
| Employees Personal Files | Manual & Electronic |
| Training courses provided | Manual & Electronic |
| Disciplinary reports and charges | Manual & Electronic |
| Medical Insurance records | Manual & Electronic |
| Attendance and Absence records | |
| Attendance record sheets | Manual |
| Vacation leave forms | Manual & Electronic |
| Yearly leave balances | Manual & Electronic |
| Medical records | |
| Sick leave certificates | Manual |
| Sick leave records | Manual & Electronic |
| Medical referrals and history | Manual |
| Financial Documentation | |
| Tax and National Insurance Records | Manual & Electronic |
| Accounting records | Manual & Electronic |
| Financial statements | Manual & Electronic |
RETENTION PERIOD
Retention of different categories of documents is governed by different requirements and different legislation and regulations. The following schedule outlines the retention requirements for the various categories of documentation within the General Workers’ Union.
| Category | Retentetion Period |
| Mermbers’ Personal Information | |
| Membership application forms | Manual 1 year. Electronic throughout the full membership period plus an additional 1 year after the membership becomes dormant. |
| Membership records | Electronic throughout the full membership period plus an additional one year after the membership becomes dormant. |
| Resignation records | 5 years |
| Bank Standing Orders records | Manual 1 year. Electronic throughout the payment method usage period plus an additional 1 year. |
| Financial records including payments and statements | 5 years |
| Employees Personal Information | |
| Employees Personal Files | 5 years |
| Training courses provided | 5 years |
| Disciplinary reports and charges | 5 years |
| Medical Insurance records | 5 years |
| Attendance and Absence records | |
| Attendance record sheets | 5 years |
| Vacation leave forms | 5 years |
| Yearly leave balances | 5 years |
| Medical records | |
| Sick leave certificates | 5 years |
| Sick leave records | 5 years |
| Medical referrals and history | 5 years |
| Financial Documentation | |
| Tax and National Insurance Records | 10 years |
| Accounting records | 10 years |
| Financial statements | 10 years |
CONCLUSION
This retention policy aims to achieve a good working balance between the retention of useful and meaningful information in line with the provisions of the relevant legislation and the disposal of data which is no longer required and is being archived unnecessarily. Data that needs to be destroyed after the noted timeframes will be disposed of in an efficient manner to ensure that such information will no longer be available within the General Workers Union. The Head of Departments and the Data Protection Officer are aware of the noted retention periods and will instruct all relevant personnel to follow the indicated procedures accordingly.
