Care Certificate

250 videos, 11 hours and 6 minutes

Course Content

Storage limitation

Video 226 of 250
2 min 17 sec
Want to watch this video? Sign up for the course or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.

Storage Limitation: GDPR Privacy Principle


The fifth privacy principle, known as Storage Limitation, states:

“Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”

Compliance Requirements

To comply with this principle:

  • Reasonable Retention: Personal data should not be kept longer than necessary.
  • Justification: Reasons for retaining data must be justified based on processing purposes.
  • Retention Policy: Establish standard retention periods for different processing activities.
  • Periodic Review: Review data periodically to ensure compliance.

Data Erasure and Anonymisation


  • Erasure: Data is erased or anonymised when no longer needed.
  • Subject Requests: Processes are in place to handle requests for erasure.

Benefits of Timely Data Management

Timely management:

  • Reduced Risks: Reduces risks of data becoming inaccurate, excessive, or irrelevant.
  • Lawful Basis: Ensures compliance with lawful basis for data retention.
  • Cost and Security: Reduces storage costs and potential security risks.

Information Provision

Include in Privacy Policy:

  • Retention Periods: Information about how long personal data will be retained.
  • Examples: Provide examples of retention periods based on data types.

Importance of Retention Policy

Even for small organisations:

  • Documentation: Establish a clear retention policy for data management.
  • Review and Justification: Helps review and justify data retention practices.