
Data Retention and Deletion

The GDPR requires that personal data be kept only for as long as necessary for the purposes for which it was collected (storage limitation principle). Establishing and implementing appropriate retention policies is essential for GDPR compliance.

Article 5(1)(e) GDPR requires that personal data be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Longer retention is permitted for:

  • Archiving purposes in the public interest
  • Scientific or historical research purposes
  • Statistical purposes

This longer retention is subject to appropriate safeguards for the rights and freedoms of individuals.

You must be able to demonstrate:

  • Why you need to retain data
  • How long you will retain it
  • That you regularly review retention periods
  • That you delete or anonymize data when no longer needed

  1. Legal Requirements

    • Statutory retention obligations
    • Tax and accounting laws
    • Employment legislation
    • Industry-specific regulations
  2. Legitimate Business Needs

    • Operational requirements
    • Historical reference
    • Audit and compliance
    • Legal defense
  3. Individual Expectations

    • Nature of the relationship
    • Context of data collection
    • Privacy notices provided
    • Reasonable expectations
  4. Risk Assessment

    • Impact of retaining data
    • Impact of deleting data
    • Security considerations
    • Compliance risks

Retention periods must balance:

  • Necessity of retention (business/legal needs)
  • Rights of individuals (privacy, erasure)
  • Risk of data breaches (less data = less risk)
  • Regulatory requirements (must retain vs. must delete)

| Data Type | Retention Period | Basis |
| --- | --- | --- |
| Baptism records | Permanent | Canonical obligation |
| Confirmation records | Permanent | Canonical obligation |
| Marriage records | Permanent | Canonical obligation |
| Death records | Permanent | Canonical obligation |
| First communion records | Until no longer needed for administrative purposes | Legitimate interest |
| Parish census/registration | While person is active member + 6 years | Legitimate interest |
| Donation records (with gift aid) | 6 years after tax year | Legal obligation (tax law) |
| Safeguarding records | Varies by jurisdiction | Legal obligation |

| Data Type | Retention Period | Basis |
| --- | --- | --- |
| Financial records | 6-7 years | Legal obligation |
| Employee records | 6 years after employment ends | Legal obligation |
| Volunteer records | While volunteering + 2 years | Legitimate interest |
| Email correspondence | 2-3 years or as needed | Legitimate interest |
| Marketing consents | Until withdrawn + 1 year | Consent |
| Event attendance | 1 year after event | Legitimate interest |
| CCTV footage | 30 days (unless incident) | Legitimate interest |
| Accident reports | 3-6 years | Legal obligation |

| Data Type | Retention Period | Basis |
| --- | --- | --- |
| Newsletter subscriptions | Until unsubscribed | Consent |
| Email marketing consents | 2 years of inactivity | Consent |
| Website analytics | 26 months | Legitimate interest |
| Cookie consents | 13 months | Consent |
| Contact form submissions | 1 year | Legitimate interest |
| Service inquiries | 2 years | Legitimate interest |

Note: These are general guidelines. Consult legal counsel for your specific jurisdiction and circumstances.

  • Identify all types of personal data processed
  • Document where data is stored (systems, backups, archives)
  • Map data flows and lifecycle
  • Identify data owners and custodians

  • Research legal retention requirements
  • Assess business necessity
  • Consider individual expectations
  • Document rationale for each retention period
  • Get legal review where appropriate

Create a data retention schedule that includes:

  • Data category or type
  • Retention period
  • Legal or business justification
  • Deletion method
  • Exceptions (e.g., legal holds)
  • Review frequency

  • Configure automated retention rules
  • Set up deletion workflows
  • Enable archiving where appropriate
  • Implement legal hold capabilities
  • Test deletion processes

  • Regular reviews of retention schedule
  • Audit compliance with retention policy
  • Update for legal/business changes
  • Document review activities
  • Report on compliance

  • Configurable Rules: Set retention periods by data type
  • Automated Deletion: Schedule automatic deletion after retention period
  • Soft Delete: Initial deletion with recovery period before permanent deletion
  • Cascading Deletion: Handle related records appropriately
  • Deletion Queue: Review and approve deletions before permanent removal
  • Retention Calendar: Visual timeline of retention periods
  • Expiration Alerts: Notifications when data approaches retention limit
  • Batch Operations: Process multiple records efficiently
  • Audit Trail: Complete log of deletion activities
  • Reporting: Track retention compliance and deletion activities

  • Legal Hold: Prevent deletion for legal proceedings
  • Retention Extension: Extend retention for specific records
  • Manual Review: Flag records requiring manual assessment
  • Exception Logging: Document all retention overrides
  • Approval Workflows: Multi-level approval for exceptions

  • Anonymization Tools: Remove identifying information
  • Pseudonymization: Replace identifiers with pseudonyms
  • Aggregation: Combine individual records into statistics
  • Retention of Anonymized Data: Keep data for statistical purposes
  • Reversibility Assessment: Ensure anonymization is irreversible
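
How configurable rules, soft delete and legal hold combine into one retention decision, as an added example (not code from this page or from any product it describes). The periods come from the schedule above; the 14-day grace period, the category keys and the action names are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Periods (days) from this page's schedule; None = permanent. 365-day years assumed.
RETENTION_DAYS = {
    "baptism_record": None,        # Permanent
    "cctv_footage": 30,            # 30 days (unless incident)
    "event_attendance": 365,       # 1 year after event
    "volunteer_record": 2 * 365,   # While volunteering + 2 years
}
SOFT_DELETE_GRACE = timedelta(days=14)  # assumed recovery period

@dataclass
class Record:
    record_id: str
    category: str
    trigger_date: date             # date the retention clock starts
    legal_hold: bool = False
    soft_deleted_on: Optional[date] = None

def evaluate(rec: Record, today: date) -> str:
    """Return the action the retention job should take for one record."""
    if rec.category not in RETENTION_DAYS:
        return "manual_review"     # unknown category: never guess a period
    if rec.legal_hold:
        return "hold"              # a hold suspends soft delete and purge
    days = RETENTION_DAYS[rec.category]
    if days is None or today < rec.trigger_date + timedelta(days=days):
        return "retain"
    if rec.soft_deleted_on is None:
        return "soft_delete"       # first stage, still recoverable
    if today >= rec.soft_deleted_on + SOFT_DELETE_GRACE:
        return "purge"             # permanent removal after the grace period
    return "await_grace"

def run(records, today):
    """Evaluate a batch; the returned tuples double as audit-trail entries."""
    return [(r.record_id, r.category, evaluate(r, today)) for r in records]

# Constructed sample records (not real data).
TODAY = date(2025, 10, 1)
SAMPLE = [
    Record("r1", "cctv_footage", date(2025, 8, 1)),
    Record("r2", "cctv_footage", date(2025, 8, 1), legal_hold=True),
    Record("r3", "baptism_record", date(1950, 5, 7)),
    Record("r4", "volunteer_record", date(2023, 1, 1), soft_deleted_on=date(2025, 9, 1)),
    Record("r5", "visitor_log", date(2020, 1, 1)),
]
```

Calling `run(SAMPLE, TODAY)` shows the held CCTV record surviving while its identical unheld twin is soft-deleted, and the uncategorised record being routed to manual review instead of silently kept or removed.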

Canonical Requirements:

  • Catholic Church law requires permanent retention of sacramental registers
  • These records document the spiritual life of individuals
  • Canonical rights may depend on these records

GDPR Compliance:

  • Permanent retention justified by legal obligation (canon law)
  • Public task (religious organization’s official function)
  • Minimal data collection (only canonical requirements)
  • Secure storage and limited access

Best Practices:

  • Separate sacramental records from general parish administration
  • Restrict access to authorized personnel only
  • Document canonical basis for retention
  • Implement strong security measures

Challenge: Backups may contain data beyond retention periods

Solutions:

  • Document backup retention policy separately
  • Implement reasonable backup retention (e.g., 30-90 days)
  • Note in privacy policy that backups exist
  • Anonymize or delete from backups where technically feasible
  • Restore and delete specific records if required by law

Emily Helps Approach:

  • 30-day rolling backup retention
  • Backup-specific retention schedule
  • Ability to restore and delete from active systems
  • Documented backup retention justification

When to Use:

  • Pending litigation
  • Government investigations
  • Regulatory proceedings
  • Dispute resolution

Implementation:

  • Suspend normal deletion for affected data
  • Identify and preserve relevant data
  • Document legal hold scope and duration
  • Notify relevant staff
  • Release hold when no longer needed

Archiving vs. Deletion:

  • Archive when data has historical or research value
  • Apply appropriate safeguards
  • Limit access to archived data
  • Regular review of archived data
  • Consider anonymization for archived data

  • Overwriting: Multiple overwrites of storage media
  • Degaussing: Magnetic field to destroy data on magnetic media
  • Physical Destruction: Shredding or incineration of hardware
  • Cryptographic Erasure: Destroy encryption keys
  • Certification: Obtain certificates of destruction

  • Database Records: Hard delete from database
  • Files: Secure deletion tools
  • Backups: Rotation and overwriting
  • Cloud Storage: Cryptographic erasure
  • Paper Records: Cross-cut shredding or incineration
  • Hardware: Physical destruction or certified wiping

  • Deletion Confirmations: Verify data is actually deleted
  • Audit Checks: Regular verification of deletion processes
  • Recovery Testing: Confirm data cannot be recovered
  • Documentation: Log all deletion activities

| Data Category | Examples | Retention Period | Legal Basis | Deletion Method | Review Date |
| --------------------------- | ------------------------------- | --------------------------- | ------------------- | --------------- | ----------- |
| Sacramental records | Baptism, confirmation, marriage | Permanent | Canon law | N/A | Annual |
| Donation records (gift aid) | Donor details, amounts | 6 years after tax year | Tax law | Secure deletion | Annual |
| General donations | Donor name, amount | 2 years | Legitimate interest | Secure deletion | Annual |
| Newsletter subscribers | Email, name | Until unsubscribed + 1 year | Consent | Secure deletion | Biannual |

“Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law. We have established retention periods for different categories of personal data, which are documented in our Data Retention Schedule. Data will be securely deleted or anonymized when it is no longer required. Retention periods are regularly reviewed and updated as necessary.”

When an individual requests deletion:

  1. Verify Identity: Confirm the requestor’s identity
  2. Check Grounds: Determine if right to erasure applies
  3. Check Exceptions: Identify any legal retention requirements
  4. Delete Data: Remove data from all systems if no exception applies
  5. Notify Recipients: Inform third parties if data was shared
  6. Confirm: Notify the individual of deletion

  • Legal obligation to retain data
  • Legal claims require the data
  • Public health reasons
  • Archiving, research, or statistics (with safeguards)
  • Freedom of expression reasons

See: Data Subject Rights - Right to Erasure

  • Data deletion completion rate
  • Average retention period by data type
  • Exceptions and overrides
  • Legal holds in place
  • Retention policy violations

  • Quarterly: Review deletion queue and exceptions
  • Biannually: Review retention periods and policies
  • Annually: Full audit of retention compliance
  • Ad hoc: When legal/business changes occur

  • Retention compliance reports
  • Deletion activity logs
  • Exception reports
  • Audit findings
  • Improvement recommendations

  • Data retention schedule template
  • Retention policy template
  • Legal hold notice template
  • Deletion procedure checklist
  • Backup retention policy template

  • ICO Guide to Data Retention
  • Article 29 Working Party Opinion on Purpose Limitation
  • Sector-specific retention guidelines

Last updated: October 2025