Data retention policy
Under Article 5(e) of the General Data Protection Regulation (GDPR), “personal data shall be kept for no longer than is necessary for the purposes for which it is being processed”, so it is important to establish retention periods for personal data, alongside an up-to-date data inventory where the data is being stored and how it is to be retrieved when required.
HewardMills helps its clients formulate and implement an appropriate data retention policy and schedule, encouraging the use of a template that includes the following sections:
- Scope of the policy
- Guiding principles
- Roles and responsibilities
- Types of data and its classifications
- Retention periods
- Data storage, back-up and disposal
- Special circumstances
- Where to go for advice and questions
- Other relevant policies
HewardMills helps its clients to comply with data protection regulations, including: the GDPR, ePrivacy Directive, local legislation (for multijurisdictional organisations), cybersecurity laws, as well as legal and regulatory requirements arising from emerging technologies such as blockchain.
We are a multidisciplinary team of data protection practitioners, lawyers, corporate governance and cybersecurity experts, with a wealth of knowledge delivering data protection excellence and trust to your organisation.
If you would like to learn more about how HewardMills helps organisations handle and process data safely, securely and responsibly in line with international policies and regulations, please get in touch via telephone (+44 20 4540 5853 or +353 1669 4642) or email firstname.lastname@example.org today.