You cannot store personal information forever
Any purchase over the Internet requires the disclosure of personal data, which may be stored only for as long as necessary. In practice, this rule is often broken. The GDPR sets out a number of principles for the processing of personal data. One of them is the so-called limitation of the storage of personal data. This principle states that personal data will be stored only for the time necessary for the purpose of processing it. After this time, personal data should be automatically deleted. But does it actually work?
One-time purchase on the Internet
According to the GDPR, after a one-time purchase in a specialized e-shop, the customer's personal data should be kept only for the time the customer needs to make a potential claim for damaged goods, or at most for the period for which the customer has given consent to receive business notifications.
However, there is also a legitimate interest in keeping personal data for a longer period of time, for example because of long-term monitoring of the market situation. This intent should be accurately identified and the customer informed.
Likewise, personal data collected during a one-time visit or a one-time use of any other service should be deleted after a certain period of time. For example, this applies to customers who bought tickets online or paid for their purchases by card, or whose movement around the service provider's premises is monitored by a camera.
Regularity of purchase or loyalty programs
The situation is different when the data subject is a regular user of the service, participates in a customer loyalty program, or has given explicit consent to continue receiving the service provider's business communications.
Companies often violate the regulation
Automatic deletion of data once it is no longer necessary for the purpose of processing is not yet customary. Data (often duplicated or held multiple times in various records and information systems) is kept for possible future use, without companies realizing that they are in breach of regulations already in force.
It is also an unnecessary complication. The more data and records the company has, the greater the risk of data inaccuracy and redundancy in relation to the purpose of their processing. This implies a higher likelihood of data security breaches linked to the obligation to report such breaches and to bear the consequences of damages or possible sanctions. A company can prevent any fines by doing the following:
- checking the retention period of personal data,
- considering the purposes for which they are kept, when deciding whether and for how long to keep them,
- safely deleting and disposing of data that is no longer required for this purpose,
- updating, archiving, or securely deleting data that is out of date.
How long can you store personal data?
The answer is simple - as short as possible. This should take into account the reasons why the business needs to process this data, as well as legal obligations to retain data for a fixed period of time (such as national labor, tax or anti-fraud legislation that imposes on you the obligation to store personal data about your employees for a limited period, during the product warranty period, etc.).
Companies should set time limits for deletion or review of stored personal data. Exceptionally, personal data may be stored for longer periods for archiving purposes in the public interest or for scientific or historical research purposes. The company must also ensure that the stored data is correct and updated.