principle 5

Personal data shall not be kept for longer than necessary

Do we have a clear policy on data retention?

Do we know the legal requirements on retention times that apply to us?

Do we periodically remove personal data from our database when we no longer need it, such as data relating to former customers or staff members?