โ† Full glossary

Retention and deletion periods

The periods a company sets for how long different types of personal data are kept before being deleted or anonymised. The GDPR's storage limitation principle requires that data is not kept longer than necessary for the purpose. The periods must be documented โ€” typically in the Article 30 record and a deletion policy โ€” and they must actually be enforced in practice. Some periods follow from other legislation, such as the Danish Bookkeeping Act's requirement to keep accounting records for 5 years.