Personal data must be deleted, for example, after the purpose of the processing no longer applies and the necessary retention periods have expired. It is therefore not permissible to retain personal data for an unlimited period of time.

This principle can be implemented most easily by means of a company-wide deletion concept. Here, the different data categories are classified and the deletion periods are defined for each category. Data records must then be deleted from the IT system after the deadlines have expired.

The WKO Austria has published a list of storage and retention periods under the following link. These are well suited as a time basis when creating a deletion concept.

The common assumption that data must also be deleted from the backup system is a misconception. However, when data is restored from a backup, any data whose deletion period has been reached must be deleted again.
