How do I build a data export without breaking retention rules?
An export is a new copy of personal data, so treat it like one: give it an expiry so it does not outlive its purpose, export only the fields and rows the purpose needs, and do not let a recurring export become a permanent, ungoverned second store. That is what GDPR storage limitation (Art. 5(1)(e)) is about.
Give the export an expiry
The exported file or table is a new store of personal data. Put a lifecycle rule or a scheduled cleanup on it so it is deleted when its purpose is served, rather than sitting around indefinitely.
Scope it to what is needed
Export only the fields and rows the purpose requires, not the whole table for convenience. A narrower export is less to protect and less to forget about later.
Do not create a shadow store
A recurring export into a bucket with no lifecycle quietly becomes a second copy of your personal data that no retention policy covers. Put a lifecycle policy on the destination from the start.
const path = await writeExport(rows)+ await scheduleDeletion(path, { afterDays: 7 }) return pathThe export is scheduled for deletion instead of accumulating as a permanent copy of personal data outside your retention policy.