Retaining and deleting data

Chapter 12 concentrates on retaining and deleting data. One of the key tenants of GDPR is the minimisation of data. This means that organisations are no longer allowed to keep records indefinitely and that they must tell individuals at the point of collection how long the information will be kept for. It is possible for some organisations to retain information for longer periods if they have a good reason or if they are part of an archive in the public interest or scientific or historical research. This chapter discusses the best way to go about the process of managing how long you keep data. It discusses the individual’s rights of erasure and provides advice on how to delete various types of data. Archiving, Research and Statistical Retention are also discussed. There is an explanation of the terms Anonymisation and Pseudonymisation. The chapter also highlights the GDPR “Right of Erasure”, when it applies and does not apply, how long you have to action the request and how to go about it. The chapter concludes with a brief section on Retaining Data from dashcams/helmet cams/CCTV.