Requirements for archiving personal data
Is the permanent retention of personal data in public sector information necessary for the purpose of archiving in the public interest? Then the General Data Protection Regulation allows you, as a governmental organisation, to retain personal data permanently on the basis of the Public Records Act.
These are the data that you are allowed to archive
You are allowed to archive 'ordinary' personal data in the public interest. You are also allowed to archive special categories of personal data, personal data relating to criminal convictions and offences and sensitive personal data (such as citizen service numbers).
Record what you retain and what you destroy
Pursuant to the Public Records Act, you are obliged to record the following in a selection list:
- which information you retain permanently;
- which information you destroy.
When deciding on a selection list, you have to weigh up two interests against each other:
- the purposes of the Public Records Act and the interest of the authenticity and integrity of archives;
- the importance of protection of the personal data in the information to be archived.
Note: It is important that information management employees cooperate closely with the Data Protection Officer (DPO) or other privacy experts within your organisation when deciding on the selection lists.
Determine if you have to archive personal data
On the basis of this weighing of interests, you have to decide if the personal data in your information have to be retained permanently. If the purpose of archiving in the public interest cannot be achieved when you remove the personal data from the information, then the personal data are necessary and you are therefore allowed to retain them.
Is it not necessary for you to permanently retain personal data? Then you have to remove these data from the information before transferring the information to the archive repository.
For all data processing operations, you are only allowed to use and retain those personal data that are necessary for the public duties for which you process them. Are the personal data no longer necessary for the performance of your public duties? Then, with a view to data minimisation, only those personal data that are necessary for archiving in the public interest may be retained permanently.
Apply 'privacy by design'
Do you know which personal data you do and do not have to retain permanently, for example on the basis of the selection list? Then it is useful to organise your systems accordingly from the collection stage. This is called privacy by design. As a result, you will be able to filter out the personal data that do not require permanent retention faster and more efficiently and then destroy them.
Privacy safeguard: restrict public access
An important privacy safeguard is that you set restrictions on public access to data in the archive.