You are reading a single comment by @deleted and its replies.
Click here to read the full conversation.
deleted-
Exactly, still have to have one though.
It’d be up to David to decide how long is long enough but you still have to delete everything you have on a person if after a set period of time, they have had no interaction with an organisation.
Forgive me if I’m wrong on any points, I’ve read very little about gdpr
PhilDAS
How about a retention policy. How long is a user’s data - however little, stored if they become inactive for example?