Assign topic to the user
Answer:
Based on the provisions of the EU GDPR, personal data should be kept in an identifiable format for no longer than is necessary (with exceptions for public interest, scientific, historical or statistical purposes). So, unless you have a lawful obligation to keep personal data for a longer time, it should be deleted or anonymized.
You can set up within your organization a general retention period based on the purposes for which you collect and proceed the data.
Furthermore, you can find a data retention policy in our EU GDPR Documentation Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/).
Comment as guest or Sign in
Oct 09, 2018