Data retention is the practice of storing and managing data and records for a designated period. Businesses need to develop and maintain data retention policies specifying what data should be stored or archived, where, and for how long. Once the retention period for a particular data set expires, it can be deleted or moved to another storage.
Specifically, a data retention policy should include the following information:
- The types of data your company collects, from whom, and where the collection happens.
- How long you’ll keep each piece of data, in what format, and for what reason.
- The laws and regulations that apply to the collected information and how your company ensures compliance.
- Details on the storage, security, and backup of information.
- How your organization disposes of the data and how customers can request deletion of their data.
- Responsibilities for different policy elements and what to do in case of policy violations or data breaches.
The primary purpose of a data retention policy is to ensure proper data management under the relevant regulations, as well as to enhance efficiency within your organization and reduce costs and security risks.
11 new privacy laws around the world and how they’ll affect your analytics
