The following table provides information our standard retention periods, ordered by the areas in which Denise Fowler Limited has legal responsibilities.  This table will be updated as required.

Retention requirements for personal data

GDPR Article 5(1)(e) about storage limitation specifies that personal data shall be kept for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as it will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of GDPR.

Denise Fowler Limited’s lawful basis for processing personal data is set out in our Privacy Policy.

Personal data must be periodically reviewed in accordance with Denise Fowler Limited’s retention schedules and if it is no longer needed it should be deleted or anonymised as appropriate. Anonymised data is not subject to GDPR or the Data Protection Act 2018.

Any challenges to the retention of personal data must be considered in accordance with GDPR Article 17 (Right to erasure), or the equivalent sections in the DPA 2018 if the processing is for law enforcement purposes. The right to erasure does not apply where we are legally obliged to process personal data or where the processing is necessary for performing our functions.

Where Denise Fowler Limited would be required to erase personal data but the personal data must be maintained as evidence for legal purposes or for reasons of important public interest, Denise Fowler Limited must (instead of erasing the personal data) restrict its processing.

View our Retention & Disposal schedule.