|
|
|
|
|
|
by gcthomas
2948 days ago
|
|
|
There is no violation of the GDPR in just holding data, especially data for which you have a legitimate business reason to process. It is probably PII, so look after it as you would other PII. The GDPR give a number of reasons where the right to be forgotten does not apply, including for archival purposes, or when the controller was not relying on consent for the processing. |
|
|