GDPR: Data Retention Requirement for Relevant Duration | WisdomPlexus

GDPR: Data Retention Requirement for Relevant Duration

In the case of data retention, the duration of the deposit depends on the respectively stored personal communication

What is Data Retention?

The data retention by definition means the collection and permanent storage of personal data, without first an explicitly stipulated storage purpose or reason is given.

Inexplicit, however, these stored data should be made available to the public authorities, if against a certain person the suspicion of a serious criminal act exists and thus serve the enlightenment.

The purpose of the General Data Protection Regulation is to empower professionals in the management of the information they collect. It encourages to ask only the minimum of information and to protect the customers.

So if in your business you can settle for a minimum of information, no need to ask your customers their date of birth, or their profession for example, which are so-called “sensitive” data.

Data Retention: What exactly is stored?

Firstly, according to the data retention rules, certain categories of personal data of providers and telecommunications services are to be stored, namely:

  • Location data when recording a phone call via mobile phone (This affects all participants in the phone calls, i.e. both callers and called parties.)
  • Location data at the beginning of mobile Internet use via mobile phone or other mobile communication devices (including WhatsApp usage, Skype, etc.)
  • For SMS / MMS messages, both the numbers and the transmission and reception times

The maximum retention period for data retention: How long should the data be stored?

In the case of data retention, the duration of the deposit depends on the respectively stored personal communication data. There are two categories to be distinguished:

  • Captured location data must be stored for four weeks, regardless of whether it results from mobile Internet use or a phone call.
  • All other stored data must be deposited with the providers and telecommunications service providers for ten weeks. After the deadline, the stored data must be safely deleted.

There are some examples of how long should the data be stored. In particular, you must know that the contact details of a person with whom you have not had a commercial contract for three years must be removed from your database.

In addition, if someone asks you to stop contacting them to offer your services, you must also remove them entirely from your lists.


Data security is crucial, the GDPR being able to justify how you protect your data. At all costs, your workstation requires a password to unlock it. Likewise, your work sessions on the software you use must be protected by passwords.

And ideally, it should be changed regularly. And most importantly do not take this data protection issue lightly. The fact of worrying about it and letting it know your customers/prospects is a guarantee of seriousness, credibility, and trust.

Key elements in the customer relationship. Here, I hope I have brought you some useful clarifications.

You May Also Like To Read-
A More Tougher Data Privacy Law to Hit U.S. than GDPR
Has GDPR Pop-Ups Restricted My Access to Information on the Web?

About Jason Hoffman

I am the Director of Sales and Marketing at Wisdomplexus, capturing market share with E-mail marketing, Blogs and Social media promotion. I spend major part of my day geeking out on all the latest technology trends like artificial intelligence, machine learning, deep learning, cloud computing, 5G and many more. You can read my opinion in regards to these technologies via blogs on our website.