Data Subject Request Retention Schedules
Data Subject Requests need to collect personal information to process requests across several systems. To ensure compliance with data minimization practices and to improve the security of this personal data, Transcend allows customers to define a retention period for the data collected to process DSRs. After this retention period has elapsed, all personal information collected is fully deleted.
This page describes how our DSR retention schedules work and helps you appropriately configure them for your needs.
There are multiple options for how to process the request data once the retention period has elapsed.
- Delete requests and identifiers - Deletes the record of the request and all associated data.
- Delete only identifiers - Retains the request record but deletes the related personal information.
- Do not delete any data - Does not delete any record or data.
Your selected operation will be performed on any request that falls outside of the retention period that you define below.
You can define your retention period by entering the number of days to wait before the deletion operation is performed. Once a day, the system will check your platform for any requests that fall outside of the retention window. For each request older than the defined period, the selected operation above will be performed.
Note that by default, all accounts that pre-date this feature have their retention period set to 5 years, and any new organization created after this release will have a retention period of 3 years. These periods are preset but can be modified as needed.
You have now successfully configured your data retention period for DSRs.