Under the GDPR, you can only hold personal data for as long as you need it. One of the 7 principles of the GDPR is the principle of storage limitation, which is the idea that personal data should only be kept long enough for it to be processed for its stated purpose. To comply with this principle, delete personal data after it’s been used to fulfill its stated purpose.
If you are collecting data for scientific or historical research, or for purposes that are in the public interest, you may be allowed to hold your data for a longer period of time under the rules established in Article 5.
Termly’s GDPR solution will help your website or app meet requirements enacted by the EU regulation.
Trusted by thousands of companies worldwide, Termly’s intuitive software generates legal policies and handles consent management for any business in minutes.
Termly allows our users to focus more on their business instead of spending countless hours figuring out data privacy compliance. - Jona, Director of Product @ Termly
