Defining data retention policies

Published on: 1st January 2019

GDPR states that for each set of personal data you are processing there must be a defined retention policy assigned. 

If you do not have a company data retention policy defined then you need to acting on this now and create one.

Do not over-retain personal data if you have no legal or valid business reason to do so  - by defining a company data retention policy, you can demonstrate to the Supervisory Authorities why you are retaining or deleting data.

Remember this applies to paper records too - make sure you have a thorough process in place to shred documents.

PYXI GDPR Team: 1st Jan 2019 11:05:00