Guest user Created: Apr 13, 2018 Last commented: Apr 13, 2018

Retention Policy

For the retention policy in the toolkit that is set to mandatory, can we change it to only apply to the retention period of personal information? Also the retention period for all this information is listed in the Inventory, will this be sufficient enough? Chapter 3.5 about routine disposal schedule, is it mandatory to keep this in the policy?

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Apr 13, 2018

Answer:

The retention policy in the toolkit is meant to refer only to records containing personal data and is consistent with the requirements of EU GDPR article 5.1.(e) – “Principles relating to processing of personal data” https://advisera.com/gdpr/principles-relating-to-processing-of-personal-data/ namely personal data cannot be kept for longer than is necessary for the purposes for which the personal data are processed.

The retention periods in the Inventory of processing activities is consistent with the requirements of EU GDPR article 30 – “Records of processing activities” https://advisera.com/eugdpracademy/gdpr/records-of-processing-activities/ My suggestion is to have the i nformation about retention periods in your Data Retention Policy ( Annex - Data Retention Schedule) since this policy will most likely be available to all employees as opposed to the Inventory of processing activity which is usually handled by the DPO or data protection responsible.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Apr 13, 2018

Expert Advice Community