Skip to content

Back to Glossary Home  | Data Retention Policy

Data Retention Policy

What is a Data Retention Policy?

A data retention policy outlines how long different types of data should be kept based on regulatory, operational, or legal requirements. Depending on the details of the policy, after the retention period expires, data may be deleted or moved to an alternate storage location.

Why is Data Retention Important?

Protecting data is an important part of keeping an organization moving. Poor data management practices can bring about civil, financial, or even criminal consequences. A data retention policy reduces the likelihood of being subject to legal action for data loss or mishandling.

In addition to abiding by any pertinent regulations and legal statutes, a data retention policy can also make your company more efficient. Understanding what to keep and for how long can streamline the process of data retention. Your organization can even allow automation to take over some tasks.

Data retention is also important from a data protection and data resiliency standpoint. Should a data breach occur, you could open your organization up to exposing years or even decades of data without a policy in place. Plus, additional unnecessary data can increase the attack surface and increase the likelihood of a data breach.

What Should a Data Retention Policy Include?

A data retention policy should include:

  • What data needs to be retained
  • How long data should be retained, including differences between types of data, if applicable
  • Where the data should be stored
  • What should happen to the data once the retention period is over
  • How often should you audit the policy

What are the Benefits of a Data Retention Policy?

Creating a data retention policy comes with data management, compliance, security, and disaster recovery benefits.

Organizations that have customers or visitors in the EU need to abide by the General Data Protection Regulation (GDPR), which has set data retention expectations. This and other regulations can be met by creating a retention policy.

From a data management standpoint, deleting what is no longer needed can protect more data from unauthorized access and reduce the chance of data breaches. Plus, deleting unneccessary data on a regular basis can cut down on storage costs.

A plan for data retention can also highlight what data is mission-critical. Understanding what needs to be retained to continue operations post-disaster can help ensure business continuity. Plus, if less data needs to be restored, the recovery process can be faster and more efficient.

What is a Data Retention Period?

A data retention period defines how long certain types of data should be kept. It can also identify how data is stored or deleted. Retention periods will vary based on the type of data being considered, how it is used at the organization, and any legal requirements attached to it. For example, most tax data needs to be saved for seven years.

How Do You Ensure Data Retention?

The best way to ensure data retention is by establishing a data retention policy with a team. This team should be representative of all departments that will be impacted by the policy to guarantee their concerns and needs will be met.

When creating the policy, you should confirm that you’re satisfying all regulatory requirements, prioritizing the data that is most important to your organization, and appointing people to enact, train, and reinforce the policy as it is written

How TierPoint Can Ensure Data Retention?

TierPoint’s experts are ready to help you form a data retention policy and augment your plan with our solutions. Our business continuity services minimize data loss and downtime, allowing for faster and more effective recovery. Proactive security solutions can help you address regulatory requirements in your data retention policies and control your IT costs.

Related Terms