You must follow these rules for different types of data:
Membership data must be downloaded from the Portal and not held locally other than for the time it takes to complete a mailing or other task.
- Find out more about Using membership data
Volunteer application forms
We don’t expect your group to hold personal information about potential volunteers. If a candidate who submitted a paper application form is successful, either email or post it to our Supporter Care Team. If you don’t recruit them, you must destroy their application form.
- See our guidance on Recruiting volunteers
Health and safety documents
You must post or email Accident and Incident Report Forms to our Head of Health and Safety and destroy all copies.
Health and safety documents such as Physical Activity Readiness Questionnaires (PARQ) must be reviewed annually and kept for three years after a person stops taking part in a service.
- Find out more about our Risk management system
Our Online Accounting system enables you to safely store financial data relating to individuals. You must retain any other financial data for seven years to meet HMRC requirements.
- Learn about Managing your finances
If your group awards grants, you must hold grants information for seven years following the issue of a successful grant application. Unsuccessful applications must be destroyed one year after the decision was made.
- Find out more about our National Grant Funds
We don’t expect Lead Support Volunteers or Support Volunteers to hold personal information about people using your MS Support service, or make case notes about enquiries you have taken, and you must not do so.
- See our guidance on Offering MS Support
You must retain personal information such as attendance lists and routine correspondence to and from individuals about events for one year following the event.
- Find out more about Organising an event
Stories and photos
Stories and photos must be stored and used for no longer than three years. You must keep the Consent Form for the full duration of use plus another year after the deletion of the stories and photos themselves.
- See our rules for using Images and stories
Paper records must be shredded or burnt when no longer needed. Electronic records must be deleted from your PC or device’s storage, and the ‘recycling bin’ must be emptied.
When it’s time to replace IT equipment and phones, or you wish to pass them on to someone else, you should reformat disks to ensure that all content is deleted.
Our Data Governance Team is here to make sure we all meet our personal data, information handling and record keeping obligations. Contact us for help with any data compliance questions you may have.
- Get contact details for our Data Governance Team
Back to Handling data