Under GDPR, the storage limitation principle mandates that personal data should only be retained as long as necessary for its intended purpose, while the purpose limitation principle requires that data be collected for specific, legitimate purposes and not further processed in a way that is incompatible with those purposes.
Storage Limitation Principle
The storage limitation principle is set out in Article 5(1)(e) of the GDPR. It states that personal data must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed. The key points are:
Retention Periods: Organizations must define and document how long they will retain each category of personal data, based on the purpose it was collected for. Once that purpose is fulfilled, the data should be deleted or anonymized. Note that only true anonymization takes data out of scope; pseudonymized data (for example, records keyed by a token that can still be re-linked to a person) remains personal data under Recital 26 and is still subject to the retention limit.
Regular Reviews: It is essential to conduct periodic reviews of stored data to ensure compliance with retention policies and to delete any data that is no longer necessary.
Legal Obligations: In some cases data must be retained for longer because of a legal obligation, such as tax or accounting law. Article 5(1)(e) also permits longer storage solely for archiving in the public interest, scientific or historical research, or statistical purposes, provided the safeguards required by Article 89(1) are in place. Such exceptions should be recorded against the specific records they apply to (a legal hold), rather than used to extend retention across the board.
Purpose Limitation Principle
The purpose limitation principle is set out in Article 5(1)(b) of the GDPR. It requires that personal data be collected for specified, explicit, and legitimate purposes. Key aspects include:
Specified Purposes: Organizations must clearly define the purposes for which personal data is collected at the time of collection. This helps ensure transparency and accountability.
Incompatibility of Further Processing: Data collected for one purpose may not be processed for another purpose that is incompatible with the original one. Whether a new purpose is compatible is assessed under Article 6(4), which looks at the link between the purposes, the context in which the data was collected, the nature of the data, the possible consequences for the data subject, and the safeguards in place. An incompatible purpose needs a fresh lawful basis, typically the data subject's consent. For example, contact details collected for marketing cannot simply be repurposed for recruitment screening.
Function Creep Prevention: Organizations should regularly review their data processing activities to prevent “function creep,” where data is used for purposes beyond those originally specified.
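The retention sweep and the compatibility check described in the two lists above can be enforced in code rather than left to manual review. The following is an added illustrative example, not code from the original page: it assumes a record model in which every record carries the purpose it was collected for and a collection timestamp, and the retention schedule, compatible-purpose map, legal-hold set and sample records are all hypothetical values constructed for the example. Expired records are deleted or anonymized according to their purpose, records under legal hold are retained and reported, records with no retention rule are flagged rather than silently kept, and a processing request is refused when the requested purpose is not compatible with the collection purpose.

```python
"""Retention sweep and purpose-compatibility check (illustrative example).

Everything below is an assumption made for the example: the data model,
the retention schedule, the compatibility map and the sample records.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical retention schedule per collection purpose (assumption).
RETENTION: Dict[str, timedelta] = {
    "marketing": timedelta(days=365),
    "order_fulfilment": timedelta(days=7 * 365),  # longer: accounting law
    "recruitment": timedelta(days=180),
}

# Hypothetical compatibility map (assumption): which further purposes are
# treated as compatible with the original collection purpose. Anything not
# listed is incompatible, so the check fails closed.
COMPATIBLE: Dict[str, Set[str]] = {
    "order_fulfilment": {"order_fulfilment", "customer_support", "accounting"},
    "marketing": {"marketing"},
    "recruitment": {"recruitment"},
}


@dataclass(frozen=True)
class Record:
    record_id: str
    purpose: str          # purpose specified at collection time
    collected_at: datetime
    email: Optional[str]
    name: Optional[str]
    anonymized: bool = False


def is_expired(rec: Record, now: datetime) -> bool:
    """True when the record has outlived the retention period for its purpose."""
    return now - rec.collected_at > RETENTION[rec.purpose]


def anonymize(rec: Record) -> Record:
    """Strip the identifying fields; the residual row is no longer personal data."""
    return replace(rec, email=None, name=None, anonymized=True)


def sweep(records: List[Record], now: datetime, legal_hold: Set[str],
          anonymize_purposes: Set[str]) -> Tuple[List[Record], List[Tuple[str, str]]]:
    """Apply the retention schedule; return surviving records and an action log."""
    kept: List[Record] = []
    actions: List[Tuple[str, str]] = []
    for rec in records:
        if rec.anonymized:            # already out of scope, nothing to do
            kept.append(rec)
            continue
        if rec.purpose not in RETENTION:   # no rule: keep, but flag for review
            kept.append(rec)
            actions.append((rec.record_id, "flagged: no retention rule"))
            continue
        if not is_expired(rec, now):
            kept.append(rec)
            continue
        if rec.record_id in legal_hold:    # legal obligation overrides expiry
            kept.append(rec)
            actions.append((rec.record_id, "retained: legal hold"))
        elif rec.purpose in anonymize_purposes:
            kept.append(anonymize(rec))    # keep aggregate value, drop identity
            actions.append((rec.record_id, "anonymized"))
        else:
            actions.append((rec.record_id, "deleted"))
    return kept, actions


def may_process(rec: Record, requested_purpose: str) -> bool:
    """Purpose limitation: allow only purposes compatible with the original one."""
    return requested_purpose in COMPATIBLE.get(rec.purpose, set())


# Constructed sample data with a fixed clock so the run is deterministic.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    Record("r1", "marketing", NOW - timedelta(days=400), "a@example.com", "Ann"),
    Record("r2", "order_fulfilment", NOW - timedelta(days=8 * 365), "b@example.com", "Bo"),
    Record("r3", "recruitment", NOW - timedelta(days=200), "c@example.com", "Cy"),
    Record("r4", "marketing", NOW - timedelta(days=10), "d@example.com", "Di"),
]
LEGAL_HOLD = {"r3"}                    # e.g. pending dispute (assumption)
ANONYMIZE_PURPOSES = {"order_fulfilment"}


def run_example() -> Tuple[List[Record], List[Tuple[str, str]]]:
    return sweep(SAMPLE, NOW, LEGAL_HOLD, ANONYMIZE_PURPOSES)


if __name__ == "__main__":
    kept, actions = run_example()
    for rid, what in actions:
        print(rid, what)
    print("surviving:", [r.record_id for r in kept])
    print("marketing data for recruitment:", may_process(SAMPLE[3], "recruitment"))
```

The action log is the artefact a periodic review produces: every deletion, anonymization, hold and unresolved rule is recorded against a record id, which is what an auditor will ask for. Fail-closed defaults matter in both checks: an unknown purpose is flagged rather than kept forever, and an unlisted purpose pairing is refused rather than allowed.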
Best Practices for Compliance
Develop Retention Policies: Organizations should create clear data retention policies that specify how long different types of data will be kept and the conditions for deletion.
Conduct Data Audits: Regular audits of data holdings can help identify unnecessary data and ensure compliance with both storage and purpose limitation principles.
Educate Staff: Training staff on GDPR compliance and the importance of these principles can help mitigate risks associated with data retention and processing.
By adhering to these principles, organizations protect individuals' privacy and demonstrate compliance with the GDPR.