Part 4: GDPR – how long to keep data for

In this series of blogs on GDPR, I’m helping small businesses understand what this change in our data protection law will mean for them and also share tips and advice I’ve found useful for my own business, Sayers Solutions – Marketing and Strategy for Small Businesses.

Catch up on the previous blogs here:

To recap, GDPR stands for General Data Protection Regulation and will replace our current data protection laws from 25th May 2018. It is the biggest change to our data protection laws for over 20 years and is being introduced to strengthen EU citizens’ privacy rights.

How long should you keep data for?
So far in this blog series on GDPR I have covered documenting and evidencing where your data came from and making sure you have a valid reason for processing data. But you also need to think about how long you keep the data for.

So how long should you keep personal data? To answer simply – as long as you met a valid lawful basis for processing the data – you should keep it for only as long as it is still beneficial to both your business and the data subject. A clean database of people that connect and interact with your business, as in life, is much more productive than ‘throwing up’ on them on a regular basis. Also, GDPR requires you to keep the data you store secure. You’ll probably agree that it is not efficient to spend time and resource on securing data that is of no use to you. Better to delete it and maintain a cleaner and more useful database.

At Sayers Solutions, I advise my clients to regularly audit the data they have processed. This is fairly easy to do by using, or adding, the “date created” field in their CRM system and having another field automatically populate a future date to prompt them to review the data. To review the data, it should be assessed alongside information in the “lead source” and “reason for processing” fields to determine if the data is still relevant to either their business or the data subject. If the answer is no – my advice is to delete it to maintain a clean and relevant database of contacts.

Look out for my next blog covering why you should manage a ‘do not contact’ list.

Want more now?
Download the entire blog series in PDF here for free.

If you would like to discuss your GDPR compliance, or any other marketing activity, then please get in touch.  Sayers Solutions are well connected with experts on this matter and would love to help support your business.

If you want to arrange a conversation, we can chat over the phone or potentially skype. Give me a ring on 07790705223 during reasonable business hours (yours might be more generous than mine, so please don’t ring too early! #SchoolRunMum).

If you are in the Huddersfield/Wakefield/Leeds area let’s arrange to meet to discuss this or your marketing activity further.

Or email me through the website contact form

Like what you’ve seen?
If you’ve found this article useful and want to receive more carefully crafted advice and support tailored to small businesses please join our mailing list:


Merewyn Sayers
Sayers Solutions – Small Business Marketing and Strategy