Personal data retention is a very important term in the era of global digitalization and automation. The data retention policy defines the procedures for determining the processing time to fulfill existing business processes.
The principle of storage limitation, formulated in Article 5, paragraph 1, letter e of the GDPR, imposes on each entrepreneur the requirement to remove data after a specified time. The storage of personal data in a form that allows identification of the person to whom the data relates should take place for no longer than is necessary for the purposes for which the data is processed. According to the GDPR, personal data, particularly sensitive data, should be stored for no longer than necessary for the purposes for which the data is processed.
The law provides certain exceptions that allow for longer storage of data, such as for archival purposes in the public interest, for scientific, historical or statistical research purposes.
However, these exceptions have limited applicability, which is why it is necessary for each personal data administrator to establish a “necessary” retention period for themselves. This period is called the “personal data retention period.”