35. The elements necessary to implement the principle of storage limitation include—
(a) having clear internal procedures for deletion and destruction;
(b) determining what data and length of storage of personal data that is necessary for the purpose;
(c) formulating internal retention statements of implementing them;
(d) ensuring that it is not possible to re-identify anonymised data or recover deleted data and testing whether this is possible;
(e) the ability to justify why the period of storage is necessary for the purpose, and disclosing the rationale behind the retention period; and
(f) determining which personal data and length of storage is necessary for back-ups and logs.