The GDPR principle of storage limitation determines that personal data must be erased (or anonymised) when ‘no longer necessary’.
As such, data controllers must embed appropriate technical and organisational measures into operations, to allow for the periodical review of personal data and to the erasure (or anonymisation) of any ‘non-necessary’ data, thus achieving compliance with GDPR’s data storage requirements.
An overview on the impact of the ‘storage limitation’ principle on organisations’ operations will be undertaken, considering:
– Storage limitation (structured, unstructured data);
– Data minimisation (data collection, data hygiene);
– Time limitation (retention policies, procedures and time schedules);
– Risks of non-compliance (Data subject rights, data breaches).
This session will thus provide a holistic and pragmatic framework-based approach to storage limitation and its ongoing compliance.
Virgilio Lobato Cervantes holds an LLB Honours degree in Law and a Master of Arts degree in International Tourism and Aviation Management. He is a certified Data Protection Officer by the University of Maastricht (ECPC-B DPO). Currently pursues a Doctorate degree in law at the University of Reading. Virgilio’s research focus is on EU data protection and privacy law.
England and Wales Qualified Paralegal Lawyer, member of the Professional Paralegal Register (PPR Tier 3) and the Institute of Paralegals (Q.Inst.Pa.), specialised in Data Protection and Privacy Law, Virgilio presently takes on the role of Data Protection Compliance Manager at Countrywide PLC, the UK’s largest property services group.