Use this template to set the foundational requirements of data retention within the organization. Outline the following requirements:
- The organization will employ the principle of data minimization.
- Data will be stored for the shortest possible time, accounting for legal obligations for extended retention.
- At the end of retention, data may be deleted or sufficiently anonymized.
- Data must be kept accurate and up-to-date.
- A data retention schedule will document what data is stored and the duration of retention.
This policy contains GDPR-specific language, making it easy to use if it is applicable to your organization.