|Version number||Date of release||Policy owner||Authorised by|
|1.0||08/09/2023||Naomi da Silva, Head of Business Assurance||Board of Trustees|
Central YMCA (‘the Charity’) defines records as any data or information in all physical forms or media, created or received by the organisation while carrying out its business activities. Accurate and relevant information is vital to the efficient running and management of the organisation. It is important to balance our statutory and contractual obligations (for example, annual reporting requirements), with our duties of confidentiality for personal and sensitive records.
The Charity will comply with all relevant legislation, including the UK GDPR and the Data Protection Act, as updated from time to time, and aims to achieve standards of best practice by adopting principles from bodies such as the International Organisation for Standardisation (ISO).
This Policy outlines the Charity’s commitment to maintain records of its activities, the key principles for managing and disposing of records in all media, and the roles of all Central YMCA stakeholders in the Charity’s management of its records.
The Charity will ensure that staff have access to information management training and will encourage staff to manage records properly by providing supporting standards, procedures and guidelines. The Charity’s retention schedules outline the retention periods for a range of records relating to the personal data of individuals who come into contact with the Charity, whether as employees, service users, volunteers etc. This policy aims to ensure that these records are managed consistently and are only retained for as long as necessary to meet operational and business needs, and to demonstrate compliance with legal and regulatory requirements. It applies to all the listed categories in whatever format they are held (i.e. paper or electronic).
The Charity is aware that information held for longer than is necessary carries an additional degree of risk and cost and that records and information should only be retained for legitimate business use and be kept accurate and secure. The Charity will ensure that information is not kept longer than is necessary and will only retain the minimum amount of information that it requires.
The Records Retention and Disposal Policy operates alongside and supplements the Charity’s Data Protection Policy. This policy applies to the management of all records, data and information in all physical forms or media, created or received by the Charity while carrying out its business activities.
Examples of types of record include (but are not limited to):
documents (including written, typed or annotated copies);
electronic files (including word-processed documents, emails, instant messages (Microsoft Teams), internet/intranet pages, databases, spreadsheets and presentations) including on disks, CDs, DVDs, SD (secure digital) devices;
reports & annual monitoring forms (including accounts and audits); and
This policy and any procedures associated with it apply to anyone who has access to Central YMCA records, in whatever form and can include:
permanent staff members, Trustees and Committee Members;
temporary staff members;
This policy complies with the following acts, regulations and best practice standards:
Charities Act 2011
The Companies Act 2006; Finance Act 2008; Finance Act 1998; Finance Act 2003; Finance Act 1994; Value Added Tax Act 1994; Taxes Management Act 1970; HMRC guidance; Occupational Personal Pension Schemes (Disclosure of Information) Regulations 2013; Income Tax (Pay as You Earn) Regulations 2003; National Minimum Wage Regulations 2015; Charitable Deductions (Approved Schemes) Regulations 1986
Employment Relations Act 1999 Collective Redundancies and Transfer of Undertaking (Protection of,) 1999 Maternity and Parental Leave Regulations 1999
Employment Rights Act 1996; Information Commissioner’s Employment Practices Code; Immigration (Restrictions on Employment) Order 2007; Statutory Maternity Pay (General) Regulations 1986; Working Time Regulations 1998;
Equalities and Human Resources
Equalities Act 2010
Health and Safety
Health and Safety at Work Act 1974 with regulations enforceable under the Act including the Management of Health and Safety at Work Regulations 1999 (the Management Regulations), Workplace (Health, Safety and Welfare) regulations, Environmental Protection Act
Corporate Manslaughter and Corporate Homicide Act 2007; Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013
Data Protection Act of 2018; UK General Data Protection Regulation
Civil Evidence Act 1995; The Limitation Act 1980; Bribery Act 2010; Copyright Designs and Patents Act 1988; Trade Marks Act 1994
Retention and disposal schedules recommended by the National Archives (former Public Records Office)
Board of Trustees
Overall responsibility for the policies and procedures that govern the work at Central YMCA.
Overall responsibility for ensuring Central YMCA’s resources are used effectively and appropriately.
Policy Owner and Senior Information Risk Owner (SIRO)
Responsible for understanding how the strategic business goals of the organisation may be impacted by any information risks, and for taking steps to mitigate them. The SIRO is accountable and responsible for information risk across the Charity. Responsible for ensuring guidelines are in place and that policies and procedures reflect our charitable ethos and commitment to equality and diversity.
Data Protection Officer (DPO)
Accountable to the Executive Team and responsible for giving advice about the management of personal data within Central YMCA and for ensuring that compliance with data protection legislation and good practice is achieved and can be demonstrated.
Information Asset Owners
Senior /responsible individuals usually running an operation or central service function. Their role is to understand what information is held, what is added and what is removed, how information is moved, and who has access and why.
All Line Managers
Responsible for ensuring all employees are aware of and follow this policy.
All Employees and Volunteers
To follow policies and procedures, promoting best practice throughout the organisation.