35—Elements for principle of storage limitation.

35. The elements necessary to implement the principle of storage limitation include—

(a)  having clear internal procedures for deletion and destruction;

(b)  determining what data and length of storage of personal data that is necessary for the purpose;

(c)  formulating internal retention statements of implementing them;

(d)  ensuring that it is not possible to re-identify anonymised data or recover deleted data and testing whether this is possible;

(e)  the ability to justify why the period of storage is necessary for the purpose, and disclosing the rationale behind the retention period; and

(f)  determining which personal data and length of storage is necessary for back-ups and logs.

186  PART V—ELEMENTS TO IMPLEMENT DATA PROTECTION BY DESIGN OR BY DEFAULT