
Healthwatch XXXX Information Asset Register
Data Controller: XXXX    Accountable Officer: XXXX
Data Protection Officer: XXXX

What is an Information Asset?

We collect information and data for different reasons and in different ways. An information asset is a category of data or type of data set that we routinely collect, for example 'Public experience', 'Employment Data' or 'Annual Reports'. As each asset type has a different set of data contained within it, the way we manage that data will need to be evaluated on an individual basis.

Register columns

Asset Number (Column A)
Asset Title (Column B)
Asset Description (Column C)
Purpose (Column D)
Location/system or place of storage (Column E)
Lead Officer (Column F)
Data Processor (Column G)
Protective Marking (Column H): Yes / No
Protection Rating (Column I): 1 / 2 / 3 / 4 / 5
Vital record (Column J): Yes / No
Other Security Measures (Column K): e.g. Restrictions, Use of Pseudonyms
Personal Data, if applicable (Column L): None / PI / CPI
Lawful Basis for Processing Personal Data (Article 6), if applicable (Column M): Section 1 (a) / (b) / (c) / (d) / (e) / (f)
Special Category Personal Data (Column N): Ethnicity / Political / Religion / Membership / Genetic / Biometric / Health / Sexual Orientation
Lawful Basis for Processing Special Category Data (Article 9) (Column O): Section 2 (a) / (b) / (c) / (d) / (e) / (f) / (g) / (h) / (i) / (j)
Data Subject (Column P): e.g. Employee, Patient, Participant, Practitioner, Caller, Stakeholder
Personal Data Categories (Column Q): e.g. Employment Data, Insight/feedback, Enquiries, Engagement
Retention (Column R)
Retention Notes (Column S)
In public domain (Column T): Yes / No
Intended or Likely Recipients (Column U)
Notes (Column V)
Guide to Protective Marking and Ratings

Column H: Government protection ratings. Is it Official Sensitive? Yes/No

Column I: Protection Ratings

Rating 1
  Personal Data: No personal data or data derived from personal data
  Sensitivity: Publicly available, no identified reputational risk; and
  Criticality/Legal Requirement: Not a vital record, no legal requirement to retain or publish, no risk
  Examples: Press release, leaflets and posters

Rating 2
  Personal Data: Low volumes of identifiable or personal data that is already publicly available or not confidential. Anonymised or aggregated data with low sensitivity and/or low risk of self-identification
  Sensitivity: Not publicly available, low sensitivity, limited reputational risk; or
  Criticality/Legal Requirement: Not a vital record, no legal requirement to retain or publish, limited risk
  Examples: Draft versions of published reports

Rating 3
  Personal Data: Low volumes of identifiable or personal data that is already publicly available but is low sensitivity. Anonymised or aggregated data with high sensitivity but low risk of re-identification or vice versa
  Sensitivity: Not publicly available, some sensitivity and risk of limited impact on the Healthwatch reputation and/or key relationships; or
  Criticality/Legal Requirement: Vital record or information that Healthwatch is required to retain or publish but where the record is duplicated elsewhere and/or where there is no immediate need to.
  Examples: Detailed statistics from patient surveys, data share with Healthwatch England via the CRM.

Rating 4
  Personal Data: High volumes of identifiable or personal data that is not already publicly available, and is of medium sensitivity. Individual (or very small numbers of) records containing sensitive personal data. Anonymised or aggregated data with high sensitivity and medium risk of re-identification or vice versa.
  Sensitivity: Not publicly available, sensitive records with likelihood of significant impact on the Healthwatch reputation and/or key relationships; or
  Criticality/Legal Requirement: Vital record where loss, corruption or unavailability carries risk of serious impact on Healthwatch's ability to exercise its functions.
  Examples: Patient identifiable feedback. Healthwatch and/or other staff records, notes and minutes. Board and committee minutes and papers relating to ongoing confidential issues.

Rating 5
  Personal Data: High volumes of identifiable or confidential personal data or of sensitive and potentially re-identifiable personal data, or high sensitivity personal information about a single individual.
  Sensitivity: Not publicly available, very high sensitivity, high likelihood of very significant impact on key relationships, high likelihood of very significant reputational harm to Healthwatch; or
  Criticality/Legal Requirement: Vital record where loss, corruption or unavailability will have an immediate impact on Healthwatch's ability to exercise its functions. Records containing financial information which could facilitate serious fraud or other crime.
  Examples: Any identifiable data that references mental health, sexual health, substance abuse etc. Commercially sensitive information or key financial and payroll records.

Column J: Vital record definition

Vital records are the essential records required for business continuity in the event of a catastrophic incident. Without them the organisation cannot re-establish itself and restart its core functions. It is essential that vital records are identified and given the necessary protection.
Column M: Lawful Basis for Processing Personal Data

Article 6 Section 1

Processing shall be lawful only if and to the extent that at least one of the following applies:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

(c) processing is necessary for compliance with a legal obligation to which the controller is subject

(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child

Column O: Lawful Basis for Processing Special Category Data

Article 9 Section 1 and 2

(1) Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the person's sex life or sexual orientation shall be prohibited.

(2) This shall not apply if one of the following applies:

(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject

(b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;

(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

(d) processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects

(e) processing relates to personal data which are manifestly made public by the data subject;

(f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity

(g) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject

(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3

(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy

(j) processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
Column R and S: Retention of Records in Healthwatch

Employment

In general the staff records (including those of volunteers) should be retained for 6 years after the end of employment, but need only contain sufficient information in order to provide a reference (e.g. training and disciplinary records). Copies of any reference given should be retained for 6 years after the reference request. Director's files should be retained for 6 years.

Application form: Duration of employment, destroy when employment ends
References received: Duration of employment, destroy when employment ends
Sickness and maternity records: 6 years from end of employment
Annual leave records: 6 years from end of employment
Unpaid leave/special leave records: 6 years from end of employment
Records relating to an injury or accident at work: 12 years
References given/information to enable a reference to be provided: 6 years from end of employment
Recruitment and selection material (unsuccessful candidates): 2 years after recruitment is finalised
Disciplinary records: 6 years after employment has ended
Statutory Maternity Pay records, calculations and certificates: Retain while employed and for seven years after employment has ended
Redundancy details, calculation of payments and refunds: Seven years from date of redundancy

Note: if an allegation has been made about the member of staff, volunteer or trustee, the staff record should be retained until they reach the normal retirement age or for 10 years, if that is longer (e.g. around Safeguarding).

Record of Comments and other evidence, e.g. observations, interviews, enter and view notes

Comments recorded on internal databases: Retain in line with local policy
Any paper based comments recorded on the database: 1 year (this is in case there is a query regarding an entry on the database)
Comments and/or other evidence that have not been recorded on the database: Retain in line with local policy
Signed consent forms: Destroy in line with above

DBS checks

Record disclosure reference no. and date of check and return to the volunteer or staff member.

Record of Concern Forms (ROCA)

All ROCAs and related information should be kept for 10 years. If the record relates to children and young people the record must be kept till they are 21 years old before destroying.

Financial Records

Financial records: 6 years (public funded Companies)
Income tax and NI returns, income tax records and correspondence with HMRC: Not less than 3 years after the end of the financial year to which they relate
Payroll records (also overtime, bonuses, expenses): 10 years
Pension contribution records: 6 years
Pension Scheme Investment Policies: 12 years from any benefit payable under the policy

Corporate

Employers Liability Certificate: 40 years
Insurance policies: Permanently
Certificate of Incorporation: Permanently
Minutes of Board of Trustees: Permanently
Memorandum of Association: Original to be kept permanently
Articles of Association: Original to be kept permanently
Variations to the Governing Documents: Original to be kept permanently
Statutory Registers: Permanently
Membership records: 20 years from commencement of membership register
Rental or Hire Purchase Agreements: 6 years after expiry

Others

Deeds of Title: Permanently
Leases: 12 years after lease has expired
Accident books: 3 years from the date of the last entry (or, if the accident involves a child/young adult, then until that person reaches the age of 21)
Health and Safety Policy Documents: Retain until superseded
Assessment of Risks under Health and Safety Legislation: Retain until superseded
