Data Retention Policy


Data Retention Policy

Version 1.0 published 20 October 2020

    1. Purpose of the policy

    The National Office firmly commits to complying with our data protection obligations.

    This policy sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be retained by Us, where ‘Us, We, Our’ means the National Office and National Research Ethics Committees either separately or together. Any reference to ‘Data Controller’, ‘Data Processor’, ‘Personal Data’ and ‘Data Subject’ shall have the meaning ascribed to in the General Data Protection Regulations (the ‘GDPR’).

    The Data Protection Acts 1988 and 2003 (as amended) (the “DPA”) and, from 25 May 2018, the GDPR impose obligations on us, as a Data Controller, to retain the data for no longer than is necessary. We are obliged to provide individuals with information on our retention periods or criteria used to determine the retention periods.

    The time periods for which we retain your information depends on the type of information and the purposes for which We use it. We will keep your information for no longer than is required or permitted. We do not transfer your data outside of the EU.

    2. Who we are

    We are the National Office for Research Ethics Committees, an independent statutory body based in the offices of the Health Research Board, Grattan House, 67-72 Lower Mount Street, Dublin 2, D02 H638.

    The National Office is responsible for establishing National Research Ethics Committees (NRECs) in select areas of health research at the request of the Minister for Health and providing advice and support to the wider Irish health research community.

    3. Document retention procedure

    We must retain certain records because they contain information that must be kept in order to satisfy statutory, legal, accounting or other regulatory requirements.

    We must balance these requirements with Our statutory obligation to only keep records for the period required and to comply with data minimisation principles. The retention schedule below sets out the relevant periods for the retention of various National Office documents.

    Categories of personalised data
    Internal retention period
    Justification of timeline

    Invalid application

    6 months

    For future validation and follow on submission queries

    Unsuccessful applications

    2 years after the date of submission

    For future validation and follow on submission queries

    Successful applications

    5 years after the end of study completion

    For reporting purposes and record keeping

    Membership expression of interest submissions

    5 years after submission

    For future membership opportunities

    NREC member contact details

    3 years after expiration of membership

    For follow up queries by the National Office

    NREC member financial details

    7 years after expiration of membership

    Revenue Requirements

    NREC expense receipts

    7 years

    Revenue Requirements

    Letters of Offer for NREC membership

    2 years after expiration of membership

    For National Office records

    NREC member Bios & Photos

    Will be removed immediately once membership has expired

    No legal basis for retaining in public view

    Newsletter subscription

    Will be removed immediately once requested or once newsletter terminated

    No legal basis for retaining

    Minutes of NREC meeting


    Statutory obligation

    NREC decisions


    Statutory obligation

    4. Types of documents

    A record is any type of information created, received or transmitted in the transaction of the National Office’s business, regardless of physical format. Examples of where the various types of information are located are; calendars, emails, handwritten notes, invoices, voicemails.

    A record must not be retained beyond the period indicated in the Record Retention Schedule, unless a valid business reason (or a litigation hold or other special situation) calls for its continued retention.

    5. Storage

    All Personal Data retained by Us is stored in a secure online drive hosted on a server within the Health Research Board (HRB). The online secure drive can only be accessed by authorised members of the National Office and the ICT support team of the HRB. All paper copies are stored securely in the National Office. Personal Data will not be shared with other third-parties who are not outlined in this privacy notice.

    6. Confidential information of others

    Unsolicited confidential information submitted to Us shall be refused, returned to the sender where possible and deleted, if received electronically.

    7. Questions about the policy

    Any questions about this policy should be referred to the National Office:

    Scroll to Top