data storage

The Basics of Data Retention

A data retention policy is an organization's formal guideline regarding data storage and removal. Setting up a data retention policy helps ensure your organization follows all regulations surrounding personal and business data and helps manage legal risk in the event of loss or a data breach.

These policies can help you manage your storage space, remove old or irrelevant files, and ensure your compliance with legal regulations. For these reasons, it is key that you not only develop a data retention policy but that you train your entire organization to follow it. To get you started, we've outlined a few things to think about when setting up your policy:


Select a team to develop your policy.

Developing any company-wide policy cannot be a one-person operation.  You must make sure you have input from all stakeholders in your organization, including your legal team, executive board, IT department, managerial staff, and finance team. There may be other people in your organization who should participate in the creation of your data retention policy.


Make sure you comply.

In addition to HIPAA and GDPR privacy regulations, there are a variety of financial, governmental, and local policies that can determine how and for how long your data must be kept. Compliance is key to protecting your organization from legal problems.

Choose the relevant data.
There may be data you should or must store based on your organization, industry, or base of operations but there is also some data that should be kept no matter your business type. This universal data includes:

  • Emails
    • Internal and external communication
  • Personal records
    • Donor or customer information
    • Employee records
    • Patient or student data
  • Financial information
    • Sales and billing records
    • Tax documents
  • Contracts
    • Including supplier/vendor agreements

Training, training, training.

Once your data retention policy has been written and approved it must be properly implemented. Employees should know what the guidelines are as well as why they have been set up, and they should receive formal training and periodic reviews to ensure all team members are knowledgeable of and compliant to the formal policy.


Data retention policies are an important part of any organization. If your organization does not have a formal policy in place, consider talking with your stakeholders and investing the time into creating one. Once you have a data retention policy in place, you should also evaluate your backup solutions. Not sure which kind of backup is best for your needs? We can help you learn more about choosing the right backup option for your business.


Leave a Reply