In today’s digital age, where personal data is the currency of the internet, understanding how your information is collected, stored, and used has never been more critical. This is because data breaches are becoming all too common. Privacy concerns are at an all-time high. Because of this It is essential to pay close attention to privacy notices and their data retention. A privacy notice tells you a lot about an organization.

At filerskeepers, we’re dedicated to helping you navigate the complex world of retention schedules. In this blog post, we’ll delve into the nuances of data retention as outlined in privacy notices.

What is Data Retention?

Data retention refers to the period for which data is kept by an organization after it has fulfilled its original purpose. This period can vary depending on legal requirements, business needs, and other factors. Understanding how long your data will be retained is crucial for maintaining control over your privacy. Organizations need to be ensuring compliance with relevant regulations such as the General Data Protection Regulation (GDPR).

Deciphering Privacy Notices

Privacy notices inform individuals about how their personal data is collected, used, and protected by an organization. They are typically provided when data is collected from individuals and are an essential tool for transparency and accountability. It is a requirement to have one if you have a website but a lot of organizations will use that privacy notice to detail other interactions.

When reviewing a privacy notice, pay close attention to the section on processing where they advise about data retention. This will outline how long your personal data will be retained and the criteria used to determine this period. Look for specific information such as:

  1. Retention Period: The notice should specify the length of time your data will be kept. e.g. Date of Birth plus 6 years, Last action/entry plus 8 years, etc.
  2. Purpose: Data should only be retained for as long as necessary to fulfil the purpose for which it was collected. The privacy notice should explain the purposes for which your data is being processed, and how long it will be retained for each purpose. Some purposes enable you to ask for data to be
  3. Legal Basis: The notice should also explain the legal basis for processing your data and any legal obligations that determine the retention period.
  4. Your Rights: Finally, the notice should outline your rights regarding data retention. These include the right to request access to your data, the right to rectify inaccurate data, and the right to erasure (commonly known as the right to be forgotten).

Data Retention Red Flags

Naturally, there are some terrible privacy notices out there so if you are not finding data retention listed, then you need to be asking questions. This should be a huge red flag for you. Not respecting individuals’ rights is being picked up by information commissioners. This was picked up in the case against CANAL+ in which they were fined 600,000 euros. Read more about it here.

It should be noted that a retention period is not a guaranteed destruction date. It is a ‘line in the sand’ to say that the organization you’re having your data processed by won’t be considering deletion until at least that time frame has expired. After that date, they would need to reassess whether they need to keep the data any longer. They cannot just keep data forever. If a company cannot share what their planned retention for data is, it can lead them to be fined as well. The Dutch DPA fined Uber recently for the very same thing. Read here.

Why Data Retention Matters

Understanding data retention is crucial for several reasons:

  1. Privacy and Security: The longer data is retained, the greater the risk of unauthorized access or misuse. By knowing how long your data will be kept, you can take steps to protect your privacy and ensure that your information is not retained longer than necessary.
  2. Trust and Transparency: Transparent data retention policies build trust with customers and demonstrate a commitment to protecting their privacy. By clearly communicating how long data will be retained and for what purposes, organizations can foster trust and loyalty among their user base.
  3. Compliance: Many regulations impose strict requirements on data retention. Failure to comply with these requirements can result in hefty fines and/or damage to reputation. By understanding data retention, organizations can ensure compliance with relevant laws and regulations. This is something that filerskeepers are passionate about.


Data retention is a complex and multifaceted issue that requires careful consideration. Consideration is required by both organizations and individuals. By understanding the nuances of data retention, you can take control of your personal information and ensure that it is handled responsibly and in accordance with applicable laws and regulations.

At filerskeepers, we’re committed to promoting data privacy and helping organizations navigate the complexities of data protection. If you have any questions about data retention or privacy notices, don’t hesitate to get in touch. Your privacy is our priority, and we’re here to help you every step of the way. Find out more here.