With this document you can:

This box is not visible in the printed version.

Records Management Policy

The Gambling Commission's Records Management Policy.

Published: 20 March 2025

Last updated: 20 March 2025

This version was printed or saved on: 2 May 2025

Online version: https://www.gamblingcommission.gov.uk/policy/records-management-policy

Introduction

1.1. This policy sets out the Gambling Commission’s approach to managing records. The Commission is committed to the efficient management of records for the effective delivery of services, to document principal activities and decisions, and to maintain the corporate memory.

1.2. A record is defined as information created, received or maintained as evidence and information by an organisation, in pursuance of legal obligations or in the transaction of business.

1.3. The Commission acknowledges that the records it creates, receives, and uses while carrying out its functions are vital not just to its activities but also to providing accountability and maintaining public confidence in its operations.

1.4. Records management is a key part of the Commission’s functions and is a shared responsibility. Robust records management underpins all of the Commission’s activities and supports the delivery of its objectives.

1.5. The benefits of good records management are:

1.6. The principles outlined in this policy have been developed to give a consistent approach to managing records throughout their lifecycle regardless of their format.

1.7. This policy is required to ensure compliance with the Public Records Act 1958, the Data Protection Act 2018, the Freedom of Information Act 2000, the Freedom of Information Act Section 46 Code of Practice, and ISO 15489 Information and documentation – Records management.

1.8. This policy supports the strategic objective of improving gambling regulation, by facilitating efficient and effective use of information.

Policy statement

2.1. All records must be given a clear and unique title in accordance with the Gambling Commission’s agreed naming conventions.

2.2. All records must be saved in the most suitable format and given the appropriate data sensitivity classification.

2.3. All records must be stored in a suitable and appropriate location, in line with the relevant procedures and guidance.

2.4. Records must be retained for the designated period of time specified in the Records Retention Schedule. Retention labels must be applied electronically where possible.

2.5. Records which are selected for permanent preservation and transfer to the National Archives must be safeguarded until they can be transferred.

Legislative framework

3.1. The Gambling Commission is obliged to meet the legal requirements for the retention and disposal of records in accordance with relevant legislation, particularly:

Scope

4.1. This policy applies to all employees and appointees of the Gambling Commission, including temporary or fixed-term staff and contractors.

4.2. The policy applies to all records held by the Commission at every stage of the information lifecycle: creation, use, storage, and disposal. It applies to both paper and electronic records, and includes written, audio and video format.

4.3. A record is defined by its content and its context, not by its format. Emails, and any other form of electronic correspondence used by the Commission, which are produced or received in the conduct of business will be considered to be part of the corporate record.

Roles and responsibilities

5.1. Everyone is responsible for:

5.2. Project managers are responsible for:

5.3. Line managers are responsible for:

5.4. Information Asset Owners (IAOs) are responsible for:

5.5. Cheif Executive Officer (CEO) and Executive team are responsible for:

5.6. Data Protection Officer, Records Manager and Information Management team are responsible for:

5.7. Senior Information Risk Owner (SIRO) is responsible for:

The Senior Information Risk Owner is the Chief Technology Officer.

5.8. Commissioners are responsible for oversight and scrutiny of records management processes ensuring that effective processes are in place as a key corporate control.

Monitoring and compliance

6.1. Compliance with this policy is mandatory.

6.2. Compliance will be monitored by team managers, Information Asset Owners and audit activities with oversight by the Executive Team, Information Management team, Data Protection Officer, Senior Information Risk Owner (SIRO) and CEO.

6.3. Individual business areas are expected to review their processes and ensure that these are documented, fit for purpose, and reviewed and updated regularly.

6.4. Guidance is provided by the Information Management team to aid the implementation of this policy.

6.5. Performance indicators and reports will cover the work of the Information Management team as well as compliance levels for individual business areas.

Policy review

7.1. To be reviewed every 2 years.

7.2. Next review due January 2026.

7.3. The Gambling Commission’s Policy Retirement Process will be followed when this policy is no longer required, has been superseded or has been integrated into another policy.

Policy exception

8.1. There are no circumstances where there should be exceptions to this policy.

Associated policies

This policy should be read in conjunction with the following Gambling Commission policies:

Version history

10.1. The version history record is detailed in the following table.

Version history record

Version history record
Version Author or reviewed by Date Description of change
1.0 Records Manager 5 January 2024 Creation of new policy.
1.1 Head of Information Compliance
Records Manager
7 March 2025 Added Senior Information Risk Officer (SIRO) role and responsibilities.