Sheet n°14: Define a data retention period

Personal data cannot be kept indefinitely: a retention period must be defined according to the purposes of the processing. Once that purpose has been achieved, the data should be archived, deleted or anonymised (e.g. in order to produce statistics).

Data retention cycles

  • The personal data retention cycle can be divided into three distinct successive phases:

    • The active database;
    • Intermediate archiving;
    • Final archiving or deletion.
  • The mechanisms for deleting personal data from the active databases ensure that the data is kept and accessible by the operational services only for the time necessary to achieve the purpose of the processing operation.

  • Ensure that data is not kept in active databases by simply flagging it as archived. The archived data (intermediate archive) must be accessible only to a specific service responsible for accessing it and removing it from the archive if necessary.

  • Please also ensure that you have specified access modes for the archived data, as the use of an archive must be on an ad hoc and exceptional basis.

  • If possible, implement data purging or anonymisation with the same mechanism that handles the right to erasure (see the sheet on the exercise of rights), so that your system behaves consistently.
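The three-phase cycle above, sketched as a scheduled purge job. This is an added example, not code from the guide: the `prospects` table, the two in-memory SQLite stores standing in for the active database and the intermediate archive, and the 2-year archive period are assumptions; the 3-year active period is taken from the prospect example in this sheet.

```python
import sqlite3
from datetime import datetime, timedelta

SCHEMA = "CREATE TABLE prospects (id INTEGER PRIMARY KEY, email TEXT, last_contact TEXT)"

def open_store():
    """In-memory stand-in for one database (active base or intermediate archive)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def run_retention(active, archive, now, active_period, archive_period):
    """Archive expired rows, then purge the archive. Returns (archived, deleted)."""
    active_cutoff = (now - active_period).isoformat()
    final_cutoff = (now - active_period - archive_period).isoformat()
    # Phase 1 -> 2: copy to the separate archive store first, then physically
    # delete from the active base. No "archived" flag is left behind.
    rows = active.execute(
        "SELECT id, email, last_contact FROM prospects WHERE last_contact < ?",
        (active_cutoff,)).fetchall()
    with archive:  # INSERT OR REPLACE keeps a re-run after a crash idempotent
        archive.executemany("INSERT OR REPLACE INTO prospects VALUES (?, ?, ?)", rows)
    with active:
        active.execute("DELETE FROM prospects WHERE last_contact < ?", (active_cutoff,))
    # Phase 2 -> 3: final deletion once the archive period has also elapsed.
    with archive:
        deleted = archive.execute(
            "DELETE FROM prospects WHERE last_contact < ?", (final_cutoff,)).rowcount
    return len(rows), deleted

def demo():
    """Constructed sample data: three prospects with different last-contact dates."""
    now = datetime(2024, 1, 1)
    active, archive = open_store(), open_store()
    active.executemany("INSERT INTO prospects VALUES (?, ?, ?)", [
        (1, "recent@example.com", datetime(2023, 6, 1).isoformat()),
        (2, "stale@example.com", datetime(2020, 6, 1).isoformat()),
        (3, "ancient@example.com", datetime(2015, 1, 1).isoformat()),
    ])
    counts = run_retention(active, archive, now,
                           timedelta(days=3 * 365), timedelta(days=2 * 365))
    ids = lambda db: [r[0] for r in db.execute("SELECT id FROM prospects ORDER BY id")]
    return counts, ids(active), ids(archive)
```

In a real deployment the archive connection would use credentials that the operational services do not hold, so that the separation between the two stores is enforced by access control rather than by convention.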

Some examples of retention periods

  • The data relating to payroll management or employee time control can be kept for 5 years.

  • The data in a medical file must be kept for 20 years.

  • The data of a prospect not responding to any solicitation can be kept for 3 years.

  • The log data can be kept for 6 months.