Data Retention Policy in Self Storage Software

July 09, 2021 | Team StoRegister
Data Retention Policy

What is Data Retention Policy?

Article 5 of GDPR EU states that Data Retention Policy as the data collected for specified, explicit and legitimate purposes should be processed in a manner that is compatible for the purposes specified; It is also necessary that the personal data should be accurate; the data should be processed in appropriate manner to ensure security, integrity and confidentiality; further the personal data should be retained until the legitimate purpose exist and once the purpose is met, data shall be archived in a secured way.

What does Data Retention Guideline states?

Under GDPR, organizations are required to adhere to guidelines to collect customer's personal data, retain them until there is absolute purpose and archive when there is no further purpose of processing the data.

Organizations which retain client's personal data need to take appropriate measure to protect the data from unauthorized access, use and processing of data. Appropriate security measure needs to be implemented to prevent accidental loss, destruction, or damage.

How long Data can be retained?

Though the strictness of Data Retention Policy of GDPR underlines various measures to handle the customer personal data, no rules have been laid down for the duration for storage of personal data.

Most of the time, Organizations can set their own timeline to retain the data based on their purpose. However, it is required for the Organization to document the purpose and the time set for data retention.

Data can be retained based on two key factors:

  • Purpose of data processing
  • Legal requirement of data retention

Data should not be retained for longer time without any purpose and shouldn't keep the future scope in mind to process it later. But there is no restriction for retaining the data if the purpose still exists.

Who is Accountable for Data Processing and Retention?

Most often, it is required that every organization should maintain a detailed document specifying:

  1. What data is collected?
  2. How is it used?
  3. Where is it stored?
  4. Who is the responsible person?

Data Processing Office (DPO) to be appointed by the organizations, who will be the responsible person for the Data collection, processing, retention and deletion.

Has StoRegister adopted the Data Retention Policy?

Yes, StoRegister has take necessary measure in order to protect customer's personal data. Users can delete the customer data from the application and those deleted data will be archived for 14 days from the deletion date thus allowing customer to restore the data if required by themselves. Upon 14 days, archived data will be stored in the database for 56 days and after which data will be completed removed (erased) from the application and customers will have be able to restore it back.