If the information is not explicitly required by law to be retained, then there is no penalty for deleting expired information in accordance with the firm’s retention policy.
Having designed and implemented site retention policies in a country with GDPR-like laws, what this means in practice is that you’re a fool to retain anything longer than you absolutely have to for compliance or essential business reasons. Retained information is a liability and a legal risk.
If the information is not explicitly required by law to be retained, then there is no penalty for deleting expired information in accordance with the firm’s retention policy.
Having designed and implemented site retention policies in a country with GDPR-like laws, what this means in practice is that you’re a fool to retain anything longer than you absolutely have to for compliance or essential business reasons. Retained information is a liability and a legal risk.
Yes, which is why I think a company like Reddit plausibly holds less information than an Australian Lemmy instance.