Legal Monster is now Openli. Learn more

Openli logo

Easy introduction to GDPR - Lesson 8

Data retention, data deletion, and data limitation are GDPR principles crucial for companies that process data. The purpose of the principles is to store and process only the necessary data and only for as long as it’s required. In this lesson, we will focus on what precisely these principles entail and why they are essential.

To watch this video join our free video courses on GDPR and website compliance.

Compliance school

What is GDPR? Video transcription

So the GDPR can say a lot of important principles. We've covered some of them in this episode, we'll take a few more. One is data retention. Another one is data deletion, and then there's data limitation. So what do these core principles mean? Well, they talk about only being allowed to store and process data that you need.

It's not a nice to have. It's a need to have a principal. It also means that you are obligated to have a policy that defines for how long you're keeping data. When are you deleting it? As an example, if you're receiving job applications, you need to delete those applications six months after you've received them.

If you, of course, didn't hire that employee. So these are some of the core principles. Another thing is also data limitation. It means that you can't just get all the data in the world and store it and keep it. You're only allowed to have the data that is necessary. So back to the principle; data has to be on the core principle of the need to have a, not nice to have.