How long can we keep information about people?

While organizations can set their own data retention periods, the challenge is to track retention of every single personal data record in all systems!

Regarding the “Retention” of personal data, GDPR, CPRA, KVKK, and related privacy legislation include a frequent misconception. Despite the strictness of the legislation, the retention standards are not specified by these laws.

Here is a summary of what organizations can and must do about retentions:

  • Organizations can set their own deadlines/retentions for getting rid of data based on their operational and regulatory compliance needs.
  • Organizations MUST write down and explain why they chose the time frame.
  • Laws and rules must be taken into account when keeping personal information.
  • Organizations CANNOT keep personal information for longer than what is written in their retention policies.
  • Organizations MUST keep track of how long each “personal data record” is kept.
  • Dispose each piece of personal information once its retention period is up.

So what's the problem??

Organizations have a lot of different departments and ways to manage information. These systems share information. During many processes in an organization, retentions are never set or lost. The challenge is to be able to keep track of every record in the company and every copy of every record in one place. Organizations use a wide range of business solutions, which makes things more complicated.

GovernID’s GID-O is a unique way to help deal with this complicated situation. GID-O is a privacy solution that makes it possible to keep track of and report on tens of thousands of different process retentions.

GID-O takes advantage of the power of combining several needed privacy features into a single solution. Here’s what organizations start with GID-O to be in compliance:

  • Have access to all personal data retentions and be able to report on them.
  • Keep track of data that will soon expire and report on it.
  • Find all copies of data records that have expired so they can be thrown away.
  • Answer the DSAR/SRR the same day, or even within minutes.
  • Give the data subject a self-service portal

GID-O helps organizations build trust through transparency and gain loyal consumers.

In order to meet the ever-evolving privacy standards, it is no longer sufficient to merely comply with legislation and amendments. You’re only a mouse click away from working with our GovernID partners to develop a comprehensive privacy strategy tailored to your company’s unique goals and objectives. BEGIN RIGHT NOW

Related Material for Your Review