Data retention
It would be great if you could tell me if ISO27001 or other standards require companies to remove customer data after the contract is finished. Actually I don’t mean personal information, mostly data which data analytics use for the machine learning, model training and so on. I am looking for B2B businesses data retention requirements.
Assign topic to the user
Please note that ISO 27001 does not prescribe data retention requirements (for any type of information), only that these must be defined, based on results of risk assessment and applicable legal requirements (e.g., laws, regulations, and contracts).
Considering that, you should consider hiring legal expert advice, to help you identify relevant legal requirements applicable to your organization.
This article may provide you a starting point:
- Laws and regulations on information security and business continuity https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/
Comment as guest or Sign in
Feb 15, 2021