GDPR and Record Keeping

We have received a number of queries from clients regarding record keeping in light of the Data Protection Act 2018.

Currently in our policy wording notes: -

The records shall be kept for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, it is advisable that records should be kept or at least 7 years after they reach the age of majority (18).

Record Keeping - Condition 2 c, on page 31

The Statute of Limitations in the UK (i.e. time when an individual is able to bring a claim) is 6 years for certain injury claim situations, or 6 years after the individual reaches the age of majority in the case of minors, hence our policy conditions. Your records are your best line of defence in any claim situation hence the need to keep the records for at least this long, and there are provisions under the GDPR with regards to keeping records to defend yourself in a claim situation (https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-erasure/ - When can I refuse to comply with the right of erasure).

The information above is provided as guidance only and is not exhaustive. It does not supersede, amend or negate the provisions of the DPA 2018 and GDPR or any other applicable data protection legislation. For more detailed or specific guidance please refer to: www.ico.org.uk