Data Retention

From Open Risk Manual

Definition

Data Retention refers to all obligations on the part of controllers to retain Personal Data for certain purposes.

The Data Retention Directive (Directive 2006/24/EC (pdf)) contains an obligation for providers of electronic communications to retain traffic and location data of communications through telephone, e-mail, etc. The retention takes place for the purpose of the investigation, detection and prosecution of serious crime.

To limit how long you keep personal data is part of Data Minimization. The rule of thumb is "as long as necessary, as short as possible", although sometimes legal rules may impose fixed periods. Data that are no longer retained cannot fall into the wrong hands, nor be abused, meaning that defining and enforcing limited conservation periods helps to protect the people whose data are processed.


References

Retrieved from "https://www.openriskmanual.org/wiki/index.php?title=Data_Retention&oldid=26087"
  • Creative Commons Attribution-NonCommercial-ShareAlike
  • Powered by MediaWiki
  • Powered by Semantic MediaWiki