Telling the truth about SME life today

How long do we need to keep personal data for?


How long does the business need to keep personal data for” u2028


The Data Protection Act 1998’s fifth data protection principle requires that personal data is not kept for longer than is necessary, and what is necessary depends on your specific circumstances. 

For this reason, your business will need a data retention policy to determine how long each type of data can be kept for, and to ensure that it is disposed of in a secure manner at the end of that period. 

Bear in mind that you may well need to retain data for a period of time after your relationship with the individual has ceased, for example to defend potential legal claims and for taxation purposes. 

The crucial factor is to be able to justify why you are holding on to the information, as it is not acceptable to retain it “just in case”. 

How long you retain personal data is likely to depend on:

  • what the information is used for;
  • the surrounding circumstances, eg, when the relationship with the customer has ended;
  • legal or regulatory requirements; and
  • agreed industry practice.

Tomorrow: Are we allowed to transfer our customer data abroad

Peter Harthan is a solicitor at Riverview Solicitors.


Related Stories

More From

Most Read


If you enjoyed this article,
why not join our newsletter?

We promise only quality content, tailored to suit what our readers like to see!