Data Retention
Data retention is how long you keep personal data before deleting or anonymising it. Under GDPR, you should only keep data for as long as it is genuinely needed. Holding onto old customer data indefinitely increases your compliance risk and the potential impact of a data breach. In practice, businesses should be able to explain and document how long different types of data are kept.
Real-world example
An accountancy firm keeps client financial records for 7 years (required by Revenue), then deletes them. Old marketing email lists from 5 years ago are deleted annually as part of a data hygiene review.