Not sure how long different teams in your company retain sensitive personal data? Is it possible you have legacy systems collecting dust but kept around “just in case?”
DPSA CAN HELP.
In our experience, most clients answer “forever” and “yes,” to those questions, even when they have a Records Retention Policy.
Implementing or updating Records Retention Policies has become a priority in response to privacy regulations including the GDPR, the CCPA, and California’s new CPRA. Data Minimization is core to these regulations, which carry potential regulatory fines and penalties for breaches that can make it very expensive to keep unneeded data.
As part of our Record Retention Policy development service, DPSA will assist your organization in: