Complying with GDPR: A practical guide to data retention and deletion

by Sylvie Dessolin - Consulting Senior Manager
| minute read

Good news for any professional wrestling with GDPR compliance and, more specifically, with the issues of data retention and deletion: expert guidance is underway! It comes courtesy of the Luxembourg Data Protection Association and has been officially presented during a virtual event, sponsored by Sopra Steria.

The introduction of the European privacy legislation, better known as the GDPR (General Data Protection Regulation), has brought along its fair share of challenges that Data protection officers (DPOs) and other qualified personnel responsible for privacy and data protection, particularly in data-intensive industries and organisations.

In Luxembourg, the APDL (Association pour la Protection des Données au Luxembourg) offers since 2013 networking, knowledge sharing and raising awareness on personal data-related issues

Bridging the gap between law and technology

The APDL serves first and foremost as a platform for the exchange of ideas, best practices, and experiences. We have several Committees, in particular the “Technical Committee” which provides guidance, and regularly organises events, conferences and training sessions. It does so directly but also through partnerships. With Sopra Steria, for instance, it has already organised a breakfast conference to present guidance on a specific aspect of GDPR: Article 32, which deals with the implementation of technical and organisational measures that ensure an appropriate level of data security.

This document assists DPOs in bridging the gap between regulation, security and technology. Which is basically also what we do at Sopra Steria in our daily role as consultants specialised in data protection & regulatory compliance. This guide is still available, and it has already helped multiple DPOs, CISOs and Compliance officers to define the accurate Security measures, for example when conducting the DPIAs. If you would like a copy, please visit the APDL website.

2021: New guidance on Data retention and deletion

This spring, the Technical Committee presents a new practical guidance document that should be of service to anyone who must manage both the regulatory needs and requirements for data retention and the GDPR obligation to delete personal data at the end of a legal term. The guide deals with data retention and deletion management (including the treatment of backlogs of data or paper archives, cases encountered by many of us). More about that, however, in my next post.

During our online conference given on Tuesday, 30 March, we were happy to offer a session of knowledge sharing and discussion on this new guidance. Thank you to the more than 120 participants who joined the session, as it recognises and rewards the associative and voluntary teamwork of the members of the APDL and of the Technical Committee who share their knowledge and experience.

Click on the links for the practical guidance document or the slide deck from this event.