Managing Personal Data Retention
One of the complexities of complying with GDPR is following the data retention policy appropriate to a given piece of Personal Data. The duration that a "data controller" is allowed to store a customer’s information varies based on what type of data it is, how it was acquired, and how it has subsequently been used. Consequently, knowing when Personal Data should be removed or archived can be complex and daunting to manage effectively.
The ALIAS API allows businesses, in their capacity as data controllers, to retrieve instructions on what actions they need to take regarding the Personal Data they are storing in their systems. Moreover, these instructions contain information about where the data is stored as well as the legal basis for why action must be taken.
Processing ALIAS Notifications (Instructions and Warnings)
Once the system is in place and Personal Data, the IT Team (or a program made by this team) can call the /instructions endpoint to receive the instructions that they should follow to keep the database in compliance with GDPR and the privacy policy defined within the processing records by the DPO.
Instructions 🔧
Developers receive instructions to implement on the data referenced in Alias, derived from the GDPR context computed by the Alias Engine, together with the date of implementation of these instructions.
Warnings ⚖️
The DPO receives notifications and warnings in the DPO UI if Alias detects that previous instructions haven’t been respected.
Handling Incoherence
When an Event is sent regarding Personal Data that should no longer be concerned by this event (for example, because this specific Personal Data should no longer be stored), this is referred to as an incoherence.
In this case, warnings are included in the JSON object returned when the /instructions endpoint is called.
Creating Freeze Rules ⚖️
The DPO defines moments or periods when the application of one or more storage duration rules should be suspended, according to the events that are detected by Alias and the computed GDPR context.