Data retention
Data retention is the storing and managing of data and records for a designated period. The period is defined based on operational and regulatory requirements. Follow these guidelines:
Data retention policies [Mandatory]
- Classify your data into categories based on factors such as sensitivity, importance, and compliance requirements. Different categories may have different retention periods.
- Define data retention policies based on regulations, storage costs, and the operational needs of the institutions.
- Document data retention policies in detail. This should include information about the data categories, retention periods, triggers for retention start, and procedures for data deletion.
- Periodically review and update data retention policies to ensure they remain aligned with changing operational needs and evolving regulations.
Data purging [Recommended]
Data purging involves permanently deleting data that is no longer required or relevant. Document the procedures for data purging, including who is responsible for initiating purging, how it is executed, and how verification is done.