Under the GDPR, you can only hold personal data for as long as you need it. One of the 7 principles of the GDPR is the principle of storage limitation, which is the idea that personal data should only be kept long enough for it to be processed for its stated purpose. To comply with this principle, delete personal data after it’s been used to fulfill its stated purpose.
If you are collecting data for scientific or historical research, or for purposes that are in the public interest, you may be allowed to hold your data for a longer period of time under the rules established in Article 5.
One of the keys to GDPR compliance is to collect and store the least amount of data possible. Frequently assess your data stores and delete unnecessary information whenever possible.
Trusted by thousands of companies worldwide, Termly’s intuitive software generates legal policies and handles consent management for any business in minutes.
Termly allows our users to focus more on their business instead of spending countless hours figuring out data privacy compliance. - Jona, Senior Product Manager @ Termly