Personal data may only be stored for as long as necessary for the purposes of processing.
The controller must plan and be able to justify the storage time of the personal data. The storage times of personal data must also be documented.
The GDPR does not specify precise storage times for personal data. The controller must assess the storage time and necessity of the personal data in relation to the purpose of processing in question. Personal data may only be stored for as long as necessary for the purposes of processing. For example, the controller must assess and be able to justify the length of storage required for customer data after the end of the customer relationship. This storage time can be affected by factors such as the customer's right to file complaints.
The storage time of personal data can also be affected by national legislation, such as the Accounting Act. The controller must take such statutory requirements into consideration on its own initiative.
Personal data that is no longer necessary must be either anonymised or erased. The controller is required to ensure that its information systems and other processes support adherence to and the regular review of storage times. Data subjects can also request the controller to erase their personal data when it is no longer necessary for the purposes for which it was collected and processed.
Personal data may only be stored for longer than required by its original purposes of processing if the personal data is being processed solely
- for the purposes of archiving in the public interest;
- for scientific or historical research; or
- for the compilation of statistics, provided that the appropriate safeguards specified in the GDPR are adopted.
Such safeguards must include both technical and organisational measures for guaranteeing compliance with the principle of the minimisation of data in particular. The principle of minimisation also requires the minimisation of storage time. The processing of personal data is not permitted if the purposes of processing could be implemented with anonymous data.