Data Retention Policy Template


The purpose of this policy is to set out the data retention periods for data held by the organisation.

For the document contents see the description below. A document extract is in the images to the left.

You may also like the full ISO 27001 policy template pack for all 26 ISO 27001 policies.


SKU: ISO27001POL25 Category: Tag:

Data Retention Policy Template


The purpose of this policy is to ensure that necessary records, documents and information of the company containing personal data are retained for no longer than necessary for the purposes for which personal data are processed.


All company employees and external party users.
Personal Data as defined by GDPR.


The GDPR principle of Data Storage Limitation for personal data.

Data Retention Policy Template Contents

Document Version Control 2
Document Contents Page 3
Purpose 5
Scope 5
Data Retention Policy 5
Principle 5
Agreement of Retention Periods 5
Record of Retention Periods 6
Expiry of Retention Period 6
Suspension of Record Disposal in the event of litigation or claims 6
Data Retention Schedule 7
Card Holder Data Retention 7
Human Resources 10
Finance 14
Health and Safety 19
Communication Tools for General Communications 21
Information Security and Data Protection 22
Customer Data 24
Policy Compliance 25
Compliance Measurement 25
Exceptions 25
Non-Compliance 25
Continual Improvement 25

High Table ISO 27001 Store

The High Table ISO 27001 store for ISO 27001 policies and ISO 27001 ISMS documents is built on 20 years of experience and real world usage, used to pass hundreds of ISO 27001 audits globally.

Customer reviews


There are no reviews yet.

Be the first to review “Data Retention Policy Template”

You may also like…

Scroll to Top