Glossary

Data retention

Also: storage limitation

Data retention is how long you keep data before deleting it. Under GDPR's storage-limitation principle (Art. 5(1)(e)), personal data should not be kept in an identifiable form for longer than the purpose needs, so most personal-data stores need a defined retention period (with narrow exceptions, such as archiving or research, under safeguards).

In code

It breaks when a new personal-data store ships with no expiry, a retention or purge job is removed, or a 'delete' is changed to a soft-delete flag that keeps the data forever. It is closely tied to the right to erasure.

GDPR storage limitation in code

Get early access ← All terms