GDPR Compliance Journey - 09 Retention
Summary
TLDR: This video script from the GDPR compliance series discusses the importance of data retention policies under GDPR. It clarifies that GDPR does not specify data retention periods but requires organizations to inform individuals about their data retention duration and methods. The script outlines a two-step approach: setting a retention policy and implementing it through regular data cleansing exercises. It provides examples of retention periods for different types of information, emphasizing the need for clarity and compliance in data management.
Takeaways
- 📜 The GDPR does not specify a data retention period but requires organizations to inform individuals about how long their data will be retained.
- 📝 There are two main steps for data retention: setting the retention time and having a policy, and implementing that policy effectively.
- 🔍 Organizations must have a clear retention policy that details how long different types of information will be kept.
- 🗓️ The retention policy includes specific time frames for various categories of information, such as financial, insurance, tax, and personal data.
- 💼 For example, information gathered on a website for service promotion is retained for 12 months from the date of consent, while job application data for unsuccessful candidates is kept for six months after notification.
- 👩‍💼 Employee personal information and employment records are retained for five years after employment ends.
- 🧹 Implementing the retention policy involves regular data cleansing exercises, scheduled every six months, to ensure compliance with the policy.
- 🛠️ Data cleansing processes include specific actions within the organization's CRM system to clean up data according to the retention policy.
- 🔒 The importance of having a retention policy is emphasized for transparency and compliance with data protection regulations.
- 🔄 The video script suggests a structured approach to data retention, highlighting the need for both policy creation and implementation.
- 📚 The next topic to be discussed in the series is data portability, indicating a continued focus on compliance and data management.
Q & A
What is the main topic discussed in the video script?
-The main topic discussed in the video script is data retention policies and practices in compliance with the General Data Protection Regulation (GDPR).
Does the GDPR specify how long data should be retained?
-No, the GDPR does not specify the exact duration for data retention, but it requires organizations to inform individuals about how long their data will be kept and how the retention period is determined.
What are the two steps an organization should take regarding data retention according to the script?
-The two steps are: 1) Setting the retention time and having a policy in place, and 2) Implementing that policy through regular data cleansing exercises.
What is the duration for retaining information gathered on the website for promotional purposes as per the script?
-According to the script, information gathered on the website for promotional purposes is retained for 12 months from the date of consent being provided.
How long are the documents related to unsuccessful job applicants retained as per the policy mentioned in the script?
-The documents related to unsuccessful job applicants are retained for six months from the date of notification to the candidate.
What is the retention period for the personal information of employees as stated in the script?
-The personal information of employees, including employment records, is retained for five years after the employment ceases.
What is the frequency of the data cleanse exercise mentioned in the script?
-The data cleanse exercise is scheduled to take place every six months.
What is the purpose of the data cleanse exercise as described in the script?
-The purpose of the data cleanse exercise is to go through the entire retention policy and clean up any data according to the set guidelines, ensuring compliance with the data retention policy.
What is the importance of having a clear data retention policy as per the script?
-Having a clear data retention policy is important for transparency and compliance with GDPR, as it informs individuals about how long their data will be kept and how the retention period is determined.
What is the next topic that will be discussed in the series according to the script?
-The next topic to be discussed in the series is data portability.
What is the overall goal of the video script in terms of compliance?
-The overall goal of the video script is to help viewers understand and implement data retention policies in a way that simplifies compliance with GDPR.
Outlines
📝 GDPR Data Retention Policy Overview
This paragraph introduces the topic of data retention in the context of the General Data Protection Regulation (GDPR). It clarifies that GDPR does not specify exact durations for data retention but requires organizations to communicate their data retention periods to individuals. The speaker outlines the two-step process for compliance: setting a retention time and policy, and implementing that policy effectively. The video script also mentions a policy document that details the organization's approach to data retention, including specific durations for different types of information such as financial, insurance, tax, website user data, job applicant data, and employee records.
Keywords
💡Data Retention
💡GDPR
💡Policy
💡Retention Time
💡Information Retention Policy
💡Data Cleansing
💡CRM
💡Consent
💡Job Applicant Information
💡Employment Records
💡Data Portability
Highlights
GDPR does not specify a data retention period, but requires organizations to inform people about how long they will keep data or how they determine retention time.
There are two key steps for data retention under GDPR: setting a retention time and having a policy, and implementing that policy.
Organizations must have a clear retention policy that details how long they will keep different types of information.
The company's retention policy includes specific time frames for retaining business information, such as financial, insurance, and tax records.
For personal data, the policy specifies retention periods for website visitor data, job applicant information, and employee records.
Website visitor data is retained for 12 months from the date of consent.
Unsuccessful job applicant information is retained for 6 months from the date of notification.
Employee records and personal information are retained for 5 years after employment ceases.
Having a clear retention policy helps organizations know what information they hold and for how long.
Implementing the retention policy is the second key step, which involves regularly reviewing and updating data according to the policy.
The company conducts a biannual data cleanse exercise to ensure compliance with the retention policy.
Specific processes are in place to clean up data from the CRM system based on the retention policy.
Data retention is an important aspect of GDPR compliance that requires careful policy development and implementation.
Clear communication about data retention practices helps build trust with customers and employees.
Regularly reviewing and updating data retention policies ensures ongoing compliance with GDPR requirements.
Automating data cleansing processes can help organizations efficiently manage data retention.
Data portability will be the topic of the next video in the compliance journey series.
Transcripts
[Music]
hi and welcome back to GDPR
compliance journey and what a glorious
day and what could be better than
talking about data retention first
things say is that as far as the GDPR
is concerned it doesn't say anything
about how long you have to keep data for
is there's nothing in there about that
but what you do have to do is tell
people how long you're gonna keep it or
how you're gonna work out how long
you're going to keep it so really
there's two steps as far as retention
Inc is concerned one is to set the
retention time and to have a policy and
step two really is to have a means of
implementing that policy so we'll take
you through the policies that guideline
have put in place and then we'll talk
about how we implement those policies
those of you that have watched our
previous videos will have seen our
approach to policy I've pulled up our
information retention policy and I have
a printout of that policy available and
here's the collection of statements that
make up our retention policy so in here
we have detailed how long we are going
to keep the information relating to our
business so there are some business
information here around how long we
retain financial insurance and tax
information but there's also information
that relates to individuals so the first
statement information gathered on our
website for the purpose of promoting and
delivering our service is retained for
12 months from the date of consent being
provided and if somebody applies for a
job with guideline we have a policy
statement here that says information and
documents relating to unsuccessful job
applicants will be retained for six
months from date of notification to the
candidate and if we're talking about
personal information of employees we say
the employment records and so forth will
retain through five years
after employment ceases so we've been
very clear about what information we
hold and how long we are going to retain
it for across the business now as I said
there's a second step which is to
implement those policies so we have a
regular data cleanse exercise scheduled
and that takes place every six months
where we run through the entirety of our
retention policy and we have specific
processes that go through our CRM and
clean up any data according to the
retention policy so as always we hope
you found that useful next time we're
going to be talking about data
portability and so until then as always
we hope you find your compliance simple