Automatic redaction of personal data

Every housing and homelessness team using Locata systems has amassed significant personal data from its customers.

That data is held securely for you in the “cloud” using Micosoft servers based in the UK. Using the official GDPR definitions, Locata undertake that role for you as the “Data Processor”.

However, the personal data should not be kept for longer than it is needed and it is for the local authority as the “Data Controller” to decide when it should be redacted (deleted). 

Under UK GDPR rules there is no specific time limit for keeping the data. It is up to the owner of the data (the local authority, or occasionally an RP) to justify how long it is needed.

The Information Commissioner's Office (ICO) says that personal data held for too long risks becoming "irrelevant, excessive, inaccurate or out of date" and that "you are unlikely to have a lawful basis for retention."

All Locata systems have the ability to manually redact data held, while still retaining records of non-personal data for reporting purposes.

However, some of our customers have asked us to automatically redact records after a set period of years has passed since a customer has had contact with them.

The ICO says that "automated systems that can flag records for review or delete information after a pre-determined period" can be "particularly useful if you hold many records of the same type."

The retention time period required tends to be different in each local authority but can be five or seven years depending on the data held.

Many of our customers are now approaching five years of using Locata systems and have reached the point that redaction of data should be considered in line with their local policy.

Other clients may have been with us for a shorter time but have migrated data from previous providers.  This data should also be considered for redaction.

Please contact your Locata Project Manager if you would like to discuss automatic redaction of records in line with your own data retention policy.

In most cases there is no implementation cost, although the automated redaction service will attract additonal annual support fees.

To find out more about the GDPR Principle of Storage Limitation, please follow this link to the ICO’s guidance.

If you like it, share it


Latest Tweets



Scroll to Top