Defining data retention policies
Published on: 1st January 2019
By PYXI GDPR Team
GDPR states that for each set of personal data you are processing there must be a defined retention policy assigned.
If you do not have a company data retention policy defined then you need to acting on this now and create one.
Do not over-retain personal data if you have no legal or valid business reason to do so - by defining a company data retention policy, you can demonstrate to the Supervisory Authorities why you are retaining or deleting data.
Remember this applies to paper records too - make sure you have a thorough process in place to shred documents.
PYXI GDPR Team: 1st Jan 2019 11:05:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
ICO Q2 Data Security Incident Trends
The ICO's figures for Q2 show that the most frequently reported data security incident relates to disclosure of data. The ICO's website has published information about Q2 2018-19's data security incidents by type and sector, and the single mo... click to read more