The maintenance of documents in a production or live environment that can be accessed by an authorised user in the ordinary course of business.

      Retention is an essential part of being compliant with the storage limitation principle in Art. 5(1)(e) GDPR. All controllers should have a retention policy where they can set up standard retention periods for the different personal data that are being processed.

      The retention policies should list the different types of data or information the controller hold, what the data is used for, and how long you intend to keep it. This will help the controller set and record standard retention periods for different categories of personal data.