4 min read

Writen by Marin Milenkoski

Posted on: March 21, 2024

The Importance of Data Retention

Many companies overlook one of the most critical aspects of data processing, which is data retention. They often store vast amounts of data without clear awareness of what they’re keeping or why. This data might sit unused, with little consideration for the individuals whose information it comprises. Data subjects are frequently uninformed about their data being stored in potentially vulnerable folders, prone to leaks or loss on the web.

Regrettably, the retention periods for the data companies process are often unregulated and poorly organized. This lack of regulation can lead to ambiguity and inconsistency in how long data is retained, posing risks both to individuals’ privacy and to the companies’ compliance with data protection laws.

On November 10th, 2022, the French Data Protection Authority (Commission Nationale Informatique & Libertés — CNIL) imposed a fine of 800,000 euros on Discord for multiple breaches of the GDPR. One of the infractions involved Discord’s failure to establish and adhere to a suitable data retention period aligned with the intended purpose, as outlined in Article 5.1.e of the GDPR.

Image by creativeart on Freepik

As a company, what should you do in order to comply with GDPR, or at least work toward it?

The GDPR does not specify what type of documentation you must have to achieve compliance, but the practice so far has shown that a Retention Policy is the most important document.

The General Data Protection Regulation (GDPR) has established new guidelines for how businesses handle personal data, outlining what information can be collected and for how long it can be retained.

It’s essential to have a strong data retention policy in place, and the principles of the GDPR – Storage Limitation, Minimisation, and Accuracy – are of great importance in shaping such a policy.

Storage Limitation means ensuring that personal data isn’t held for longer than necessary.

Minimisation involves collecting only the bare minimum of required data.

Accuracy mandates maintaining precise, current, and dependable information.

In simpler terms, personal data processing must be appropriate, pertinent, and restricted to what’s essential for the specific purposes at hand. Your business should only handle personal data that’s necessary for its operations.

How long should the data be kept?

The GDPR does not provide a specific duration for which data should be retained, instead it mandates that data should not be held for longer than is necessary. The responsibility falls on each company to determine this period, taking into account any other relevant laws that may apply. For instance, in cases where an organisation holds financial information, the Anti Money Laundering legislation may require that customer financial data be retained for 5 years following the end of the customer relationship.

Therefore, the data retention period should not extend to 5 years after the last interaction with the individual whose data is being stored.

Whether you have some questions regarding the Data Retention Policy or need some assistance with compliance documents, make sure to reach out to us.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

EU AI Act Summary: Key Compliance Insights for Businesses

The EU AI Act is a pioneering attempt to regulate AI systems, striving for a balance between foster

AI Act: Fundamental Rights Impact Assessments (FRIA) – Who, When, Why, and How to Ensure Ethical AI Deployment

The European Union (EU) has positioned itself as a leader in shaping the responsible development an

How the Privacy Act Protects Personal Information in Australia

 As cyber threats loom larger and data breaches become more common, the significance of strong

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us

Contact Us

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy