How to tackle data retention
Two years on from GDPR enforcement does your house-keeping need a refresh? How long to keep personal data raises lots of questions. Where to start? How to judge necessity? How to get rid of data when the retention period ends?
You won’t be alone if you have many more.
It makes commercial sense to get to grips with retention. Keeping and using data has a cost. It is better to delete it when you do not need it. ‘Storage limitation’ is also one of the core data protection principles, keeping data longer than you should has its risks.
Whether you are starting out or reviewing what you currently have, we hope this data retention guidance will support your work.
Developed and written by data protection specialists from a broad range of organisations and sectors, this guide gives you a practical toolkit to approach this tricky topic.
Our Data Retention Working Group was chaired by Robert Bond, partner at Bristows LLP, “The DPN has worked hard to publish a practical guide to a complex and evolving topic. It provides a set of tools to help with transparency and accountability in data retention.”
Simon Blanchard from DPN Associates, “Our aim was to provide a clear roadmap to help you navigate difficult decisions about how long to keep personal data. In the guidance you’ll also find useful case studies and example templates to assist you.”
Matthew Kay, Data Protection Officer, EMEA at Thomson Reuters, “The DPN has continued to grow since its legitimate interest guidance and now an increased spectrum of industries have come together to produce a pragmatic toolset. Once again I’ve been delighted to play a role in this helpful steer for organisations handling the challenges of data retention”.
LISTEN IN NOW to get great tools and advice as specialists discuss data retention and minimisation.
Exterro®, Inc. is a leading provider of privacy, e-discovery and information governance software. To learn more and schedule a software demonstration, visit: https://www.exterro.com
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.