Search

How can we help?

Frequently asked questions on data retention

Data retention is the storage of data for a specific period, guided by legal, operational, and regulatory considerations. While data minimisation principles advocate for limiting the collection and storage of personal data, retaining certain information is often necessary for various purposes.

In this podcast, Jesse Akiwumi and Harry Berryman, members of the Data Protection team at Clarkslegal, address the top frequently asked questions we receive about data retention. These questions include:

  • How long can an organisation lawfully keep data?
  • What happens to data that is shared with others?
  • Why is it important to limit the storage of data?
  • Do organisations need policies to govern what data is retained and what is destroyed?
  • What are the consequences of wrongfully deleting information? Can an organisation face criminal charges for deleting or altering information that an individual has requested?
  • Can an organisation destroy or amend information after responding to a request?

If your organisation needs help drafting a data retention policy or employee training on data protection requirements, please contact our Data Protection Lawyers.

Harry Berryman

Solicitor

View profile

+44 118 960 4636

Jesse Akiwumi

Solicitor

View profile

+44 118 960 4662

Read, listen and watch our latest insights

art
  • 27 May 2025
  • Privacy and Data Protection

Extension of UK adequacy: The European Data Protection Board adopts the European Commission’s decision

Earlier this year, the European Commission adopted an extension of the two 2021 adequacy decisions with the UK for a period of six months, until 27 December 2025.

art
  • 21 May 2025
  • Privacy and Data Protection

ICO investigating online platforms and the importance of having a good privacy notice

The ICO has recently reported that it is investigating how social media and video sharing platforms use UK children’s personal information.

art
  • 15 May 2025
  • Privacy and Data Protection

Ashley v HMRC – The High Court clarifies the scope of Data Subject Access Requests

DSARs are very rarely the subject of litigation, and they are even rarer in the High Court, so the case of Ashley v HMRC is a valuable decision for both data subjects and data controllers.

art
  • 29 April 2025
  • Privacy and Data Protection

Use of Personal Devices at Work: Why a Bring Your Own Device Policy is Essential

If you have employees who bring their own devices into the workplace and use said devices to deal with company data, you may want to consider a Bring Your Own Device (“BYOD”) policy.

art
  • 29 April 2025
  • Privacy and Data Protection

Update on the Data (Use and Access) Bill

We will highlight in this article what changes have been made to the DUAB since the early stages of the Bill.

art
  • 07 April 2025
  • Privacy and Data Protection

Can an employer monitor employees at work?

Can an employer lawfully monitor their employee, without their knowledge, if they suspect wrongdoing?