Skip to Main Content

Research Data Management: Retention and destruction

Research Data Management (RDM) Library guide

Data Management Plans (DMPs) - Retention and destruction

It will usually be necessary or appropriate to retain research data which forms the basis of published research findings for a significant period after the end of the active research period. This may be due to funder or auditing requirements, or perhaps for future research.

Retention periods should be documented in the Data Management Plan for all research data and associated documentation. This is to ensure data and documentation are kept only for as long as necessary:  

  • The storage limitation principle under UK GDPR specifies that personal data should not be kept for longer than it's needed.
  • It is an inefficient use of resource to store data and documentation indefinitely when it's no longer useful to do so.

This must include retention and destruction of data hosted by third parties, for which BU is the data controller. For example, when and how data held by data collection tools/services will be destroyed.

These should be documented in the following sections/questions of the BU Data Management Plan (DMP) template:

Ethical and legal compliance

Storage, back-up, and security

Retention period

Unless funder requirements specify otherwise, research data underpinning findings in publications should be accessible for at least 10 years. This is in line with Principle 2 of UKRI's Common principles on research data as specified in their Guidance on best practice in the management of research data.

As a rule, project documentation (consent forms, protocols, ethical review forms, administrative documentation, participant details, health and safety records etc.) should be retained in line with the research data.

Earlier disposal of data or project documentation containing details of participants may be considered appropriate. For example, if all the retained data has been fully anonymised.

Once the retention period has ended, data and documentation will need to be reviewed to decide whether to extend retention, or to destroy them.

Data destruction

It is necessary to specify in a Data Management Plan how you plan to securely destroy data when it is no longer needed. The UK Data Service has advice on secure disposal.