Retention Principles
Jesus Youth UK does not keep personal data for longer than is necessary for the purpose for which it was collected. We have established retention periods for different types of data, in line with UK GDPR requirements, legal obligations, and sector best practice.
Retention Periods
| Data Type | Retention Period | Basis |
|---|---|---|
| Event registration forms | 2 years after the event | Legitimate interests |
| Medical/dietary information | Destroyed within 3 months of the event concluding | Consent |
| Photographs and videos | Reviewed annually; deleted when no longer needed or consent is withdrawn | Consent |
| Volunteer records | 3 years after the volunteer ceases their role | Legitimate interests |
| DBS certificate details | Certificate details recorded; certificates themselves are not retained beyond 6 months | Legal obligation / ICO guidance |
| Staff employment records | 6 years after employment ends | Legal obligation (HMRC, employment law) |
| Payroll and tax records | 6 years after the relevant tax year | Legal obligation (HMRC) |
| Safeguarding records | 75 years from the date of birth of the individual concerned, or indefinitely where allegations relate to abuse | Statutory guidance / substantial public interest |
| Accident and incident reports | 3 years (or until the individual turns 21 if they were a child at the time) | Legal obligation (Limitation Act) |
| Donation and Gift Aid records | 6 years after the relevant tax year | Legal obligation (HMRC) |
| Communication and consent records | Duration of the relationship plus 2 years | Legitimate interests |
| CCTV footage (if applicable) | 30 days unless required for an investigation | Legitimate interests |
Safeguarding Records
Safeguarding records are subject to longer retention periods in line with statutory guidance and best practice. This is because:
- Safeguarding concerns may only come to light many years after they occurred
- Historical records may be needed to identify patterns of behaviour
- Individuals who were children at the time may make disclosures as adults
We follow guidance from the Church of England’s National Safeguarding Team and the Catholic Safeguarding Standards Agency (CSSA) on the retention of safeguarding records, which recommend retaining such records for 75 years from the date of birth of the individual concerned.
Deletion and Anonymisation
When data reaches the end of its retention period:
- Electronic records are securely deleted from all systems, including backups where practicable
- Paper records are securely shredded using a cross-cut shredder
- Where full deletion is not practicable, data is anonymised so that individuals can no longer be identified
Review Schedule
We conduct a data retention review at least annually to:
- Identify data that has exceeded its retention period
- Securely delete or anonymise data that is no longer needed
- Update retention periods where legislation or guidance has changed
- Ensure that no data is being held without a clear purpose
The Data Protection Lead is responsible for overseeing the retention review process and maintaining a log of deletions carried out.