A politica de retenção de dados deve estar diretamente ligada ao ciclo de vida dos dados e o prazo de guarda e descarte dos dados, que devem ser revisados e atualizados anualmente ou sempre que houver alteração por força de lei ou norma regulatória. A atuação do Encarregado de Tratamento de Dados/DPO é muito importante, no que diz respeito ao cumprimento da LGPD e demais normas e resoluções.

In the MENA region, personal data protection laws are still evolving. To address this, we prioritize the involvement of legal teams from each jurisdiction to conduct periodic reviews of all relevant laws and regulations to ensure that these updates are reflected in our internal manuals and compliance frameworks. These reviews are scheduled annually or biannually, with automated tools used to notify management and key stakeholders. This approach helps maintain compliance, reduce risks, and prevent oversight in data retention policies.

Maintaining up-to-date data retention policies necessitates a proactive strategy that incorporates ongoing compliance monitoring and artificial intelligence tools to identify obsolete data. Collaboration among legal, IT, and business departments is essential to ensure conformity with changing regulations and cybersecurity threats. Rather than adhering to fixed timelines, risk-based retention models emphasize the prioritization of data according to its sensitivity and business significance, thereby establishing a more strategic and flexible framework.

Data that has reached the end of its retention period and does not require archiving will be securely deleted to prevent unauthorized access or recovery. Data Stewards will work with the Data Owner as well as Data Users to ensure data is disposed of once it has reached the end of its retention schedule.

To keep data retention policies up to date, it’s important to review them regularly, at least once a year, to ensure they comply with current regulations and meet business needs. Involve key teams like IT, legal, and business leaders in the review process for a comprehensive approach. Using automated tools can also help flag outdated data and manage retention schedules. Regular training for employees and staying informed about new regulations are key to maintaining effective and compliant data retention practices.