Within Exponea our features allow you to control your client data in order to stay in compliance with GDPR and data protection.
The collected data should be kept for only as long as it is necessary for the purposes for which it is being processed. As the controller of the collected data, you have control over it and, hence, you are responsible for setting appropriate retention periods for them. This applies to both customer properties and event attributes.
Keeping data for just as long as it is necessary for the processing purposes might seem vague at first. However, the vagueness is intentional to allow application on an infinite number of cases, using common sense. Each case will be distinct and expiration limits should be considered, however, we have provided our own recommendations here.
Example 1 - Consent given for a specific time period
Sometimes the retention period is clear. For example, if the client gives you consent to process their data solely for the purpose of participating in an online competition, you should set the data expiration for the date when the competition ends. Similarly, if you are using legitimate interest for processing the data its purpose usually has a clear expiration date.
Example 2 - Consent given for unlimited time period
Often, the clients give you consent for a time period which is seemingly unlimited. For example, this is the case when your customers give you consent to use their data for analytics. Though the consent does not seem to have an expiration date, you cannot keep the data after it is not useful for your analytics. If you kept the data that you collected years ago it would be very hard to argue that it is useful for any relevant analysis today.
You can define custom expiration for each type of event (e.g.
purchase). These events will be automatically deleted when they pass their expiration period. To set your expiration periods go to
Data & Assets >
Data manager >
Expiration just as in the image below.
In the following table, you can see the recommended expiration periods for your events, which you can use as a baseline for your project. However, remember that these are just a starting point and these may differ across industries and specific projects. What matters is whether you can justify the particular expiration period in your particular project and its purposes. These purposes include collecting evidence for a possible data protection inquiry (unlimited retention period), making analyses that take into account seasonability (13 month retention period), recommendations and predictions (3 month retention period), and many more.
These expiration periods are based on an example of a specific industry. The ideal expiration periods may differ for different projects and cases. If needed, make sure to adjust these periods to your specific case. Remember to always consult your CSM before making any changes in an existing project to prevent deletion of important data.
Some of the recommended periods are set so as to ensure your website and customer knowledge can operate smoothly. One example of this is keeping a customer’s consent preference forever which ensures that your customers are not asked multiple times if they consent or are incorrectly contacted.
Updated about a year ago