Hopefully you are currently reviewing all of your activities in your department, in relation to GDPR and 25th May 2018. You may well keep precedent letters, and things that you have created that are useful for you, or other members of you team, to save yourself from having to reinvent the wheel the next time you do something. If the frequency with which we are sent Settlement Agreements with the wrong employee’s name in part-way through, it is clear that people are recycling agreements!

When you’re creating the document and including personal data relating to an individual, such as their name and address, you will be doing this for purposes such as your legal obligations or carrying out of the employment contract. However, by the time the document gets used as a precedent in the future those legal purposes for processing that particular individual’s personal data are likely to have fallen away and there could also be issues regarding access without the correct level of authorisation.

Hopefully you’re already thinking about things like password protecting documentation, and making documents only capable of being edited or accessed by those with the right password access, if you’re creating a precedent bank you should be annonymising the documents before they go in, and have set-up a system for approval for this.