Storage limitation
Want to watch this video? Sign up for the course
or enter your email below to watch one free video.
Unlock This Video Now for FREE
This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.
Storage Limitation: GDPR Privacy Principle
Overview
The fifth privacy principle, known as Storage Limitation, states:
“Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”
Compliance Requirements
To comply with this principle:
- Reasonable Retention: Personal data should not be kept longer than necessary.
- Justification: Reasons for retaining data must be justified based on processing purposes.
- Retention Policy: Establish standard retention periods for different processing activities.
- Periodic Review: Review data periodically to ensure compliance.
Data Erasure and Anonymisation
Ensure:
- Erasure: Data is erased or anonymised when no longer needed.
- Subject Requests: Processes are in place to handle requests for erasure.
Benefits of Timely Data Management
Timely management:
- Reduced Risks: Reduces risks of data becoming inaccurate, excessive, or irrelevant.
- Lawful Basis: Ensures compliance with lawful basis for data retention.
- Cost and Security: Reduces storage costs and potential security risks.
Information Provision
Include in Privacy Policy:
- Retention Periods: Information about how long personal data will be retained.
- Examples: Provide examples of retention periods based on data types.
Importance of Retention Policy
Even for small organisations:
- Documentation: Establish a clear retention policy for data management.
- Review and Justification: Helps review and justify data retention practices.