ABSTRACT
The requirement in the Fifth Data Protection Principle not to hold information longer than necessary might appear daunting. Very little guidance is given in the Act as to how to assess what is ‘necessary’. The starting point is the Purpose(s). Keeping the information must be necessary for the Purpose(s) it is being held for.
