In this series, Trilateral Research analyses key risk assessment areas for GDPR implementation. In this second week, we are looking into the assessment of data storage, retention, and deletion. This series is an opportunity to share insights into technical areas we often analyse for our clients in the private and public sectors, such as:
- Assessment of data flow, transfer, and sharing
- Assessment of data storage, retention, and deletion
- Assessment of access control and security
- Assessment of access procedures, policy, and legal contracts
Assessment of data storage, retention, and deletion
Data is generally stored using a combination of different database technologies such as
Typically, the design of these databases is based on the business purpose, such as:
- processing requirements (real-time/batch)
- access speed (read/write)
- storage requirements (permanent/temporary)
Another element is data management in terms of backup, retention, and deletion, which can be either time-dependent (minutes, hourly, daily, monthly, yearly) or rule-based (consent, opt-in/opt-out, receipt of updated data).
Information on such storage, retention, and deletion requirements is required to complete Data Protection Impact Assessments when producing the systematic description of the system under examination. It is also valuable when assessing complex questions around the linkability of data, which feeds into the ability to de-anonymise individuals by combining data stored in disparate databases.
Our GDPR service offering includes:
- Data Protection Impact Assessments of existing and proposed technologies, leveraging both our technical and data protection expertise
- Assessing and updating existing privacy notices and consent requirements for our clients
- Assessing the legal basis for processing that our clients’ businesses rely upon, and assessing and updating their policies and procedures
Data Protection Impact Assessment (DPIA)
Trilateral provides compliance roadmaps and DPIA templates for organisations, and trains their staff to complete these activities, thereby helping them manage their future compliance costs.
Do you really need a Data Protection Officer (DPO)?
We provide an external DPO service for businesses and organisations that do not need, or cannot currently justify, employing a full-time internal DPO.
For more information please contact our team.