Assign topic to the user
Answer:
If by “rejection periods” you refer to retention periods the EU GDPR is not very concise on this topic and it only states that personal data is not to be processed “longer than is necessary for the purposes for which the personal data are processed”. So, basically is the duty of every controller to establish these periods also considering some of the mandatory retention periods established by Member States in certain areas
Such mandatory retention periods can be found for example in labor law or tax law and they may vary from country to country so this needs to be checked on a case by case basis.
To learn more about privacy retention periods check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
May 29, 2018