Data retention refers to keeping or storing the Organization’s data for different purposes such as everyday business operation, demonstrating compliance with the supervisory authority, or complying with a particular law.
Data retention starts when one of the following scenarios happen:
- The initial purpose for data collection and processing has expired. Usually, a product or services contract with an individual has expired, an insurance policy has expired, or the individual stopped using a product, or a service.
- The direct action of the Data Subject, usually an opt-out, unsubscribe or request for the right to be forgotten.
To minimize the risk of non-compliance, once the data retention period expires, the Organization must remove personal data from its systems.