This blogpost summarises our recent webinar: “An urgent message from Berlin: The importance of record retention in privacy and cybersecurity”.
Why should this be a high priority project?
Increased regulation and enforcement action
In 2019, we saw regulators put a renewed focus on how long businesses retain personal information.
The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. This sends a clear message that organisations can no longer ignore their obligations relating to data retention. The authority claimed a violation of data minimisation and privacy by design principles under the EU General Data Protection Regulation (GDPR).
Over in Denmark, the Danish data protection authority also imposed fines against two companies. The first was against taxi company Taxa 4×35 which was fined €160,000 for failure to justify why certain of their customers’ personal data was retained. The second was against a furniture company, IDdesign A/S, which was fined…
