GDPR Guidelines on Retaining & Disposing School Visitor Records
Collecting, managing and sharing information is key to running any successful organisation and a school is no different. Schools need to retain a huge range of information about their staff, pupils and resources whilst complying with data protection legislation such as GDPR. Obviously sensitive data such as complaints, personnel files etc will come under close scrutiny but something like the visitor register may get overlooked, even though it does fall under the GDPR regulations. As well as legislating for how you collect and store personal data, GDPR and the Data Protection Act also require a school to have a clearly defined retention policy i.e. a schedule laying down the length of time the record should be retained and the action which should be taken when it is of no further administrative or legal use.
Visitor management systems (including electronic systems, visitor books and signing in sheets) fall under an Operational Administration record category and are required to be maintained from the last entry for the next 6 years in case of claims by parents or pupils about actions in the school relating to that period.
The disposal method must be applicable to the content and format of the information and destruction must be undertaken in a way that preserves the confidentiality of the information. Paper records such as a visitor book must not be disposed with general waste in a bin or skip. For low volumes there are office shredding machines whilst for bigger volumes you have shredding cabinets or specialist confidential waste contractors. When using contractors the school retains its responsibility as data controller unless the contractor breaches the terms of the disposal contract. When choosing a 3rd party contractor you should look to work with one accredited with BSEN15713 (Secure Destruction of Confidential Material) and BS7858 (Staff Security Vetting) as well as the usual quality standards.
Electronic media should be managed and deleted in an auditable process. The method of deleting should suit the information type. It might not be as simple as just deleting a file as e-discovery and recovery tools may still be able to recover information, even if deleted at server level. Overwriting or degaussing are more secure methods of deletion as well as the physical destruction of storage media. The ICO and National Cyber Security Centre (NCSC) can give good guidance in this area.
However you dispose of the records it is vital to keep a record of all archiving, destruction, deletion and digitisation including file references, dates, methods of disposal and authorising officer. The IRMS (Information and Records Management Society) is a great resource for schools looking for detailed guidance on how to manage their visitor management (or any other data) disposal - https://irms.org.uk/page/SchoolsToolkit