• Startups
  • May 15, 2018

LawBite’s Countdown Checklist for GDPR | Part Five

By Lawbite Team

Talk to a Lawyer Free Legal Help
It’s the penultimate week before all the talk about GDPR becomes a reality. Last week I covered data accuracy and this week I’m covering the last of the information standards - it’s time to take a look at principle 5 of the GDPR. Principle 5: The Storage Limitation Principle GDPR states that personal data should be ‘kept in a form which identifies data subjects for no longer than is necessary for the purposes for which it is processed’. Put simply, you need to think about why you are holding data (your purpose) and how long you reasonably need to hang on to the data. It’s important to ensure that personal data is deleted or disposed of when it is no longer required, reducing the risk of it becoming out of date or inaccurate. Compliance with storage limitation lends itself to compliance with the other principles governing information standards; data minimisation (principle 3) and accuracy (principle 4). GDPR introduces certain exceptions to this rule however e.g. longer retention periods will be acceptable where personal data is being processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to appropriate technical and organisational measures being in place in order to safeguard the rights and freedoms of the individuals affected. So, how do you go about assessing what is a reasonable length of time to store personal data? The legislation does not set out any specific minimum or maximum periods so as an organisation you should take a reasoned approach and look at the purpose or purposes for which the data is held, the current and future value of data, the costs associated with retaining it and how easily it can be kept up to date and accurate when determining a retention period. Remember that different retention periods may be appropriate for different types of information. You should document these periods in a retention policy and make sure you also cover deletion schedules in your privacy policy. None of this is materially different to the position under the existing Data Protection Act 1998 however GDPR is a great opportunity to revisit and revise data retention policies. GDPR introduces a higher level of accountability so it requires organisations of all shapes and sizes to take their data handling responsibilities more seriously. Most organisations will already be following the basic principles of good data handling but may not have gone so far as to think in detail about (and document) why they hold data for certain periods or may even be holding data indefinitely without any justifiable basis to do so. The benefits of having a well written and documented retention policy are two fold: firstly, it is important that staff handling personal data know what is expected of them and the standards they are required to meet and secondly (in the event of any complaint or investigation) it provides something to produce to the ICO. It doesn’t need to be a complicated process – as we all know by now GDPR simply wants us to be clear and concise – so stick to the facts of what you are doing, and why! Coming up next week: Principle 6 – The Integrity and Confidentiality Principle….see you deadline week To consult with the Lawbrief lawyer Jessica, please submit an enquiry for a free 15-minute consultation or call the dedicated GDPR Hotline 0845 241 1843. For clients who need last minute help with compliance there is a special GDPR Rescue Package. As well as 12 GDPR compliant templates the package contains a 30 minute GDPR audit consultation and 2 hours of specific GDPR legal advice for only £495 + VAT (versus £675 + VAT). To find out more please click here.
          Journey further... 
LawBite’s Countdown Checklist for GDPR | Part One LawBite's Countdown Checklist for GDPR | Part Two LawBite's Countdown Checklist for GDPR | Part Three LawBite's Countdown Checklist for GDPR | Part Four How LawBite works LawBite GDPR Rescue Package

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • March 16, 2021
10 Steps every Start Up must take to avoid Legal 'Bear Traps'

Every start-up business needs the law. Unfortunately, many cut corners or worse still, ignore the legal side of their business all together. Here's...

blog image
  • By Lawbite Team
  • November 16, 2020
ICO Fines - Not Just Big Companies Under Scrutiny on GDPR

The supervisory authority for GDPR compliance, the Information Commissioner's Office (ICO), has recently published its decision to fine British Air...

blog image
  • By Lawbite Team
  • March 26, 2020
COVID-19: Remote working and protecting personal data

Many businesses have needed to adapt and embrace remote working. For many, this can raise new working practices and question how data is managed wi...

Gdpr, Coronavirus

LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan