“Retention Limitation Obligation” Singapore PDPA Preventive measure 9 Obligations to follow PDPA (No.7)
Do you feel the office is getting crowded with documents from ages ago? Yet you feel the need of keeping them “just in case”? The truth is, documents containing Personal Data can’t be kept by organization if it is for “just in case” as explained in Retention Limitation Obligation.
What is Retention Limitation Obligation?
An organization needs to cease retention of documents ( soft copy and hard copy) containing personal data, as soon as the purpose for which that personal data was collected is no longer being served, and retention is no longer necessary for legal or business purposes.
How long can personal data be retained?
The retention limitation obligation does not state the specific duration for the retention of personal data. Instead, the span for legitimately retaining personal data is assessed on reasonableness, having regard to the purpose for which the personal data was collected and other legal or business purpose for which retention may be necessary.
If so, why can’t organization keep all the documents of personal data forever?
The more personal data that your organization keeps, the higher the risk when it leaks ( the penalty will be higher too). Hence it is best to do “Spring Cleaning” for the personal data once in a while.
Are you getting curious on how to dispose the personal data?
There are a few ways to go upon this:
・Return the documents to the individual.
・Destroying the documents by shredding them or disposing it with MAMORU Singapore.
・Anonymizing the personal data.
Thank you for reading. If you do have further enquiries about this obligation, feel free to contact MAMORU Singapore.