Data Retention Guidance Notes

These Data Retention Guidance Notes explain the UK GDPR storage limitation principle and how it applies in practice when deciding how long personal data should be kept.

Under that principle, personal data must not be retained for longer than is needed for the purpose or purposes for which it was originally obtained. Applying that rule in practice means setting suitable retention periods, keeping those periods under review, and taking proper steps once data is no longer needed.

Some retention periods will be determined by law, but many will not. Where no fixed legal period applies, organisations need to assess carefully how long personal data is genuinely required and review that position over time.

Explains the storage limitation principle in practical terms

These notes look in more detail at the UK GDPR storage limitation principle and how it connects with other key parts of data protection law.

They also include practical guidance on compliance, particularly on the safe deletion, disposal, or anonymisation of personal data that is no longer needed, whether held electronically or in hard copy form.

Useful alongside a Data Retention Policy

The notes also refer to a Data Retention Policy template for organisations putting formal retention rules in place. The Data Retention Policy is available separately.

What these notes cover

• purpose and lawful basis;
• data minimisation;
• keeping data accurate and up to date;
• storage limitation;
• what to do after the retention period ends.

Data Retention Guidance Notes is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.