LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Retention Policy

  Quote
Guest
Guest user Created:   Apr 13, 2018 Last commented:   Apr 13, 2018

Retention Policy

For the retention policy in the toolkit that is set to mandatory, can we change it to only apply to the retention period of personal information? Also the retention period for all this information is listed in the Inventory, will this be sufficient enough? Chapter 3.5 about routine disposal schedule, is it mandatory to keep this in the policy?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Apr 13, 2018

Answer:

The retention policy in the toolkit is meant to refer only to records containing personal data and is consistent with the requirements of EU GDPR article 5.1.(e) – “Principles relating to processing of personal data” https://advisera.com/eugdpracademy/gdpr/principles-relating-to-processing-of-personal-data/ namely personal data cannot be kept for longer than is necessary for the purposes for which the personal data are processed.

The retention periods in the Inventory of processing activities is consistent with the requirements of EU GDPR article 30 – “Records of processing activities” https://advisera.com/eugdpracademy/gdpr/records-of-processing-activities/ My suggestion is to have the i nformation about retention periods in your Data Retention Policy ( Annex - Data Retention Schedule) since this policy will most likely be available to all employees as opposed to the Inventory of processing activity which is usually handled by the DPO or data protection responsible.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 13, 2018

Apr 13, 2018

Suggested Topics

Guest user Created:   Feb 01, 2018 EU GDPR
Replies: 1
0 0

Data retention policy

Guest user Created:   Jan 14, 2020 EU GDPR
Replies: 1
0 0

Privacy notice & data retention