GDPR and Historical data

Do I have to delete all historical data?

No – If there is a legal basis to retain and use this data, then the GDPR should not prevent you from using this, or require you to delete this data. However, under GDPR you are required to identify the legal basis in line with the overarching principles.

You should review your data retention policies and ensure that you are not keeping historical data unnecessarily.

What if I want to keep personal data I have previously collected?

The requirement to keep data retention to a minimum is not a new concept. The DPA has always mandated that only necessary data should be collected and only used for as long as required. The same principle applies with the GDPR.

If there is a legal basis to retain and use this data, then the GDPR should not prevent you from using this. However, under GDPR you are required to identify the legal basis in line with the overarching principles.

ISO Download

Download the ISO Standards Blueprint

A step-by-step checklist for getting ISO certified

Share this post: