Data Retention Policy
Under Article 5(e) of GDPR, “personal data shall be kept for no longer than is necessary for the purposes for which it is being processed”, so it is important to establish retention periods for personal data, alongside an up-to-date data inventory where the data is being stored and how it is to be retrieved when required.
HewardMills helps its clients formulate and implement an appropriate data retention policy and schedule, encouraging the use of a template that includes the following sections:
- Scope of the policy
- Guiding principles
- Roles and responsibilities
- Types of data and its classifications
- Retention periods
- Data storage, back-up and disposal
- Special circumstances
- Where to go for advice and questions
- Other relevant policies
HewardMills helps its clients to comply with data protection regulations, including: GDPR, ePrivacy laws, local laws (for multi-jurisdictional organisations), cybersecurity requirements, as well as legal and regulatory requirements arising from emerging technologies such as blockchain.
We are a multi-disciplinary team of data protection practitioners, lawyers, corporate governance and cyber security experts, with a wealth of knowledge delivering data protection excellence and trust to you and your organisation.
If you would like to learn more about how HewardMills helps organisations handle and process data safely, securely and responsibly in line with international policies and regulations, please get in touch via telephone (+44 (0) 20 3367 1245 or +353 (0) 1669 4642), or email firstname.lastname@example.org today.