For how ling is data about you stored?

This text is set by default and is suitable for edit in real time. By default the drag and drop core feature will allow you to position it anywhere on the site. Get creative, Make Web.


Personal data may not be kept longer than necessary for the purpose for which it was obtained, i.e. there is a storage restriction. This period over which personal data is stored is also referred to as a retention period.
There are statutory storage periods that an organisation must comply with, such as a period of seven years for the financial accounting for tax authorities. However, some retention periods are not embedded in a law.

The GDPR itself does not specify any specific retention periods. An organisation must decide for itself how long personal data is necessary for the purpose for which the organisation has collected it.

After the retention period is ended, the organisation must delete the data. The organisation may keep the data for longer if the it’s intended for scientific, historical or statistical purposes, provided that the rights and freedoms of those involved are protected.  



Organisationsmust set periods for which data is collected and used. Once this period expires,data must be deleted.


There are statutory retention periods, for instance for compliance with tax, employment or health regulations. However, most retention periods must be set by organisations themselves. These should meet the storage limitation principle.