LibGuides: Research Data Management: Retention and destruction

Data Management Plans (DMPs) - Retention and destruction

It will usually be necessary or appropriate to retain research data which forms the basis of published research findings for a significant period after the end of the active research period. This may be due to funder or auditing requirements, or perhaps for future research.

Retention periods should be documented in the Data Management Plan for all research data and associated documentation. This is to ensure data and documentation are kept only for as long as necessary:

The storage limitation principle under UK GDPR specifies that personal data should not be kept for longer than it's needed.
It is an inefficient use of resource to store data and documentation indefinitely when it's no longer useful to do so.

This must include retention and destruction of data hosted by third parties, for which BU is the data controller. For example, when and how data held by data collection tools/services will be destroyed.

These should be documented in the following sections/questions of the BU Data Management Plan (DMP) template:

Ethical and legal compliance

Will anyone else have access to any of the data at any point?
Will any of the data be received from partners outside of the UK? > International data transfers
Briefly list the countries/partners where data will be received from.
Will any of the data be sent to partners outside of the UK? > International data transfers
Briefly list the countries/partners where data will be sent to.
Provide brief details of anyone else who will have access to any of the data. > Restricting access to authorised persons and organisations

Storage, back-up, and security

Do you plan to keep identifiable participant data after the study has finished? > Storage limitation and retention periods
Provide a justification if you plan to keep identifiable participant data after the study has finished.
How and when will personal or other sensitive data be deleted/destroyed? > Data destruction > Storage limitation and retention periods

Retention period

Unless funder requirements specify otherwise, research data underpinning findings in publications should be accessible for at least 10 years. This is in line with Principle 2 of UKRI's Common principles on research data as specified in their Guidance on best practice in the management of research data.

As a rule, project documentation (consent forms, protocols, ethical review forms, administrative documentation, participant details, health and safety records etc.) should be retained in line with the research data.

Earlier disposal of data or project documentation containing details of participants may be considered appropriate. For example, if all the retained data has been fully anonymised.

Once the retention period has ended, data and documentation will need to be reviewed to decide whether to extend retention, or to destroy them.

Data destruction

It is necessary to specify in a Data Management Plan how you plan to securely destroy data when it is no longer needed. The UK Data Service has advice on secure disposal.