GDPR Compliance Journey - 09 Retention

Gydeline
23 Apr 201803:09

Summary

TLDRThis video script from the GDP compliance series discusses the importance of data retention policies under GDPR. It clarifies that GDPR does not specify data retention periods but requires organizations to inform individuals about their data retention duration and methods. The script outlines a two-step approach: setting a retention policy and implementing it through regular data cleansing exercises. It provides examples of retention periods for different types of information, emphasizing the need for clarity and compliance in data management.

Takeaways

  • πŸ“œ The GDPR does not specify a data retention period but requires organizations to inform individuals about how long their data will be retained.
  • πŸ“ There are two main steps for data retention: setting the retention time and having a policy, and implementing that policy effectively.
  • πŸ” Organizations must have a clear retention policy that details how long different types of information will be kept.
  • πŸ—“οΈ The retention policy includes specific time frames for various categories of information, such as financial, insurance, tax, and personal data.
  • πŸ’Ό For example, information gathered on a website for service promotion is retained for 12 months from the date of consent, while job application data for unsuccessful candidates is kept for six months after notification.
  • πŸ‘©β€πŸ’Ό Employee personal information and employment records are retained for five years after employment ends.
  • 🧹 Implementing the retention policy involves regular data cleansing exercises, scheduled every six months, to ensure compliance with the policy.
  • πŸ› οΈ Data cleansing processes include specific actions within the organization's CRM system to clean up data according to the retention policy.
  • πŸ”’ The importance of having a retention policy is emphasized for transparency and compliance with data protection regulations.
  • πŸ”„ The video script suggests a structured approach to data retention, highlighting the need for both policy creation and implementation.
  • πŸ“š The next topic to be discussed in the series is data portability, indicating a continued focus on compliance and data management.

Q & A

  • What is the main topic discussed in the video script?

    -The main topic discussed in the video script is data retention policies and practices in compliance with the General Data Protection Regulation (GDPR).

  • Does the GDPR specify how long data should be retained?

    -No, the GDPR does not specify the exact duration for data retention, but it requires organizations to inform individuals about how long their data will be kept and how the retention period is determined.

  • What are the two steps an organization should take regarding data retention according to the script?

    -The two steps are: 1) Setting the retention time and having a policy in place, and 2) Implementing that policy through regular data cleansing exercises.

  • What is the duration for retaining information gathered on the website for promotional purposes as per the script?

    -According to the script, information gathered on the website for promotional purposes is retained for 12 months from the date of consent being provided.

  • How long are the documents related to unsuccessful job applicants retained as per the policy mentioned in the script?

    -The documents related to unsuccessful job applicants are retained for six months from the date of notification to the candidate.

  • What is the retention period for the personal information of employees as stated in the script?

    -The personal information of employees, including employment records, is retained for five years after the employment ceases.

  • What is the frequency of the data cleanse exercise mentioned in the script?

    -The data cleanse exercise is scheduled to take place every six months.

  • What is the purpose of the data cleanse exercise as described in the script?

    -The purpose of the data cleanse exercise is to go through the entire retention policy and clean up any data according to the set guidelines, ensuring compliance with the data retention policy.

  • What is the importance of having a clear data retention policy as per the script?

    -Having a clear data retention policy is important for transparency and compliance with GDPR, as it informs individuals about how long their data will be kept and how the retention period is determined.

  • What is the next topic that will be discussed in the series according to the script?

    -The next topic to be discussed in the series is data portability.

  • What is the overall goal of the video script in terms of compliance?

    -The overall goal of the video script is to help viewers understand and implement data retention policies in a way that simplifies compliance with GDPR.

Outlines

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Mindmap

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Keywords

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Highlights

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Transcripts

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now
Rate This
β˜…
β˜…
β˜…
β˜…
β˜…

5.0 / 5 (0 votes)

Related Tags
Data RetentionGDPR CompliancePolicy SettingData PrivacyRetention TimeInformation PolicyData CleansingBusiness ComplianceEmployee RecordsJob Applicant Data