Data retention is the practice of storing and managing data and records for a designated period. Businesses need to develop and maintain data retention policies specifying what data should be stored or archived, where, and for how long. Once the retention period for a particular data set expires, it can be deleted or moved to another storage.

Specifically, a data retention policy should include the following information:

  • The types of data your company collects, from whom, and where the collection happens.
  • How long you’ll keep each piece of data, in what format, and for what reason.
  • The laws and regulations that apply to the collected information and how your company ensures compliance.
  • Details on the storage, security, and backup of information.
  • How your organization disposes of the data and how customers can request deletion of their data.
  • Responsibilities for different policy elements and what to do in case of policy violations or data breaches.

The primary purpose of a data retention policy is to ensure proper data management under the relevant regulations, as well as to enhance efficiency within your organization and reduce costs and security risks.

11 new privacy laws around the world and how they’ll affect your analytics

How can I comply with applicable data protection laws?


  • Duga Digital - success story - blog

    How Oxford Online Pharmacy increased data volume by 15% with Duga Digital and server-side Piwik PRO Analytics

    Duga Digital’s success story appears as part of our Partner Spotlight series. Oxford Online Pharmacy (OOP) is a family business going back three generations to 1925. Employing experienced pharmacists and healthcare professionals, OOP is committed to translating the values and heritage of the Oxfordshire-based bricks and mortar chemists, online.

    Read more

  • What is PII, non-PII, and personal data? [UPDATED]

    Personally identifiable information (PII) and personal data are two classifications of data that often confuse organizations that collect, store and analyze such data. Both terms cover common ground, classifying information that could reveal an individual’s identity directly or indirectly. PII is used in the US, but no specific legal document defines it. The legal system…

    Read more