Information Governance and Retention. The GDPR requires that personal data and special categories of personal data is not retained for longer than necessary. Partner organisations may have their own organisational, legal or procedural requirements for records retention and disposal. These retention schedules should be observed and applied at all times. Where no such organisational procedure exists, it is essential to keep pertinent information as long as there continues to be a need for protection arrangements, to ensure that protection arrangements are not compromised and equally that such information is securely disposed of when no longer required. Where information is to be shared via granting inter-organisational access to systems operated by partner organisations, the ‘owning’ organisation of the system will draft and agree an Access Agreement with the partner organisation to govern the activities of partner staff using the system.
Appears in 4 contracts
Samples: Sharing Agreement, Sharing Agreement, Sharing Agreement
