Define how long each category of personal data is stored
Justify each retention period with a legal or operational basis
Ensure data is deleted or anonymised once the purpose ends
Document all retention rules in a clear and accessible format
Apply retention rules consistently across all data systems
Ensure third-party processors comply with the organisation’s retention instructions
They can define their own reasonable terms. Sony chooses to delete that stuff.
Under the GDPR, every organisation must:
Define how long each category of personal data is stored Justify each retention period with a legal or operational basis Ensure data is deleted or anonymised once the purpose ends Document all retention rules in a clear and accessible format Apply retention rules consistently across all data systems Ensure third-party processors comply with the organisation’s retention instructions They can define their own reasonable terms. Sony chooses to delete that stuff.
Yeah, that. Other companies have even lower time limits.