GDPR Policy

Costplan Group is committed to managing its records, in whatever format, to minimum agreed standards. This Policy establishes how Costplan Group will manage its records. We will create and manage records efficiently, make them accessible where possible, protect and store them securely and dispose of them safely at the right time.
This document provides the policy framework through which this effective management can be achieved and audited. We aim to balance our commitment to openness and transparency as an effective organisation.

It covers: –

  • Aims
  • Scope
  • Definitions
  • Responsibilities
  • Relationship with existing policies
  • Storage
  • Disposal

The aim of this policy is to consolidate a consistent approach to Records Management across all functions within Costplan Group and establish requirements designed to help staff meet legal obligations relating to Records Management and to manage records so that their value as a corporate resource for Costplan Group is fully exploited.

It will ensure that non-essential records are destroyed in a consistent and confidential manner in line with Costplan Group’s disposal schedule. It allows Costplan Group to identify what it retains as a permanent record of its activities. The schedule also enables the destruction of those records which have outlived their administrative usefulness and are without significance for the historical or legal record.

This policy applies to all records created, received or maintained by staff of Costplan Group during the carrying out of their project work. Records and documentation created throughout the project/s whether internally and externally are also subject to Costplan Group’s contractual record keeping requirements. These records may exist in printed or digital form.

Records are defined as any information, regardless of format or medium, captured in a reproducible format.
A document is any piece of written information in any form, produced or received by an organisation or person. Note all records start off as documents, but not all documents will ultimately become records.
Records Management is the creation, maintenance, control, storage and disposal of records in a way which facilitates their most appropriate, efficient and effective use.

A Disposal Schedule is a list of records and the appropriate time limits that they must be kept for before they can be confidentially destroyed or transferred to archives for permanent storage. This document also defines who within Costplan Group is responsible for the storage and disposal of records.

Costplan Group has a corporate responsibility to maintain its records and record-keeping systems in accordance with the regulatory environment. The Global Operations Director and Administration team is responsible for the implementation of a corporate Records Management procedure Costplan Group.

Governance is responsible for drawing up guidance for good Records Management practice and promoting compliance with this policy and is responsible for the co-ordination of the Records Management function across Costplan Group. It is also the responsibility of Governance to work with all areas of Costplan Group to ensure that this policy is understood and adhered to.

IDT is responsible for supporting good Records Management by providing guidance and codes of conduct on the use of IT systems. IDT is also responsible for the security of data held electronically.

Directors, Costplan Group Staff and Associates must ensure that records for which they are responsible are accurate and maintained and disposed of in accordance with Costplan Group’s Records Management guidelines. They should develop local best practice guidelines to follow and adopt Records Management principles. All records within Costplan Group should have an identified ‘owner’ responsible for their management whilst in regular use.

All Costplan Group staff and Associates who create, receive and use Costplan Group records hold Records Management responsibilities. All members of staff are responsible for ensuring they exercise good Records Management in their daily working practice, which includes:

  • The creation and maintenance of accurate and reliable records, where applicable to their role
  • Ensuring electronic records are properly maintained and that they capture core information and remain accessible, readable and authentic
  • Ensuring the security of records, irrespective of format, and for ensuring that access to records is only granted to those who are permitted to view them
  • Following guidance provided in the Records Disposal Schedule with regard to the retention and disposal of records
  • Ensuring records of a sensitive or personal nature are handled appropriately and in accordance with legal requirements
  • Supporting efficiency and environmentally by avoiding duplication and only printing emails and electronic records when necessary.

Members of staff should receive an introductory briefing on Records Management procedures.

Records should be appropriately stored with due regard for efficiency, cost-effectiveness, security, durability and access. Appropriate procedures and processes should be put in place to ensure the physical and intellectual security of Costplan Group records.

Storage conditions and handling processes should be designed to protect records from unauthorised access, loss or destruction and from theft and disaster.

The retention of records for longer than necessary is discouraged and the duplication of records should be limited to optimise the use of space for storage purposes.

Records should be disposed of in accordance with agreed retention schedules. The retention schedule should be reviewed regularly and adjusted if necessary. At the expiration of their currency, records should either be destroyed or transferred into a soft copy file.


Aaron Tomsett Andrew Shutt

Group Director Health and Safety Director