Data Retention
Data retention is how long you keep personal data before deleting or anonymising it. Under GDPR, you should only keep data for as long as it is genuinely needed. Holding onto old customer data indefinitely increases your compliance risk and the potential impact of a data breach. Irish businesses are required to document their retention periods.
Real-world example
An accountancy firm keeps client financial records for 7 years (required by Revenue), then deletes them. Old marketing email lists from 5 years ago are deleted annually as part of a data hygiene review.
Related terms
Related guide
AI Policy for Your Business
Step-by-step guide for Irish business owners — plain English, no jargon.
Open guide →Not sure where to start with AI?
Take the free 5-minute assessment and get a personalised plan for your business.
Take the free assessment →