Conditional Retention Durations Added to Data Protection Regimes
Data Protection Regimes have been enhanced to support conditional retention durations. This allows for dynamic retention period calculation, such as having a longer retention period for the Norway Jurisdiction when the entity has a High Risk Rating. Where no conditional rules are configured (or none are matched), the regime’s default retention duration continues to apply.
Key Details
- Data Protection Regimes now include an optional Conditional Retention Durations section alongside the existing default retention duration.
- Conditional retention rules use the standard Logic Engine pattern with Main Entity and Main Entity Metadata data sources.
- At offboarding, conditional retention sets are evaluated in order; the first matching set determines the applied retention period, otherwise the default applies.
- The applied retention selection is stored on the Data Deletion Process, including new properties to support audit of the returned retention period:
  - dataProtectionRegimeId
  - conditionalRetentionDescription (when a conditional set was applied)
  - appliedConditions (Logic Engine conditions from a satisfied condition set are stored as JSON text)
- Advanced Reporting has been extended to expose these additional Data Deletion Process properties via the Data Protection reporting table.
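
The first-match evaluation and audit properties described above, as an added sketch that is not product code; it also goes one step further and flags condition sets that ordering makes unreachable. Only dataProtectionRegimeId, conditionalRetentionDescription and appliedConditions are names from this note; the regime layout, equality-only AND conditions, retention values and helper names are assumptions.

```python
import json

# Constructed sample regime (all keys and values are assumptions). The broad
# "Norway" set is deliberately listed before the more specific High Risk set.
REGIME = {
    "id": "regime-norway",
    "defaultRetentionYears": 5,
    "conditionalRetention": [
        {"description": "Norway", "retentionYears": 7,
         "conditions": [{"field": "jurisdiction", "value": "Norway"}]},
        {"description": "Norway, High Risk Rating", "retentionYears": 10,
         "conditions": [{"field": "jurisdiction", "value": "Norway"},
                        {"field": "riskRating", "value": "High"}]},
    ],
}
# Same sets with the specific one evaluated first.
FIXED = dict(REGIME, conditionalRetention=REGIME["conditionalRetention"][::-1])

def matches(conditions, entity):
    # Assumed semantics: every condition in a set must hold (logical AND).
    return all(entity.get(c["field"]) == c["value"] for c in conditions)

def select_retention(regime, entity):
    """Return the audit record for the first matching set, else the default."""
    record = {"dataProtectionRegimeId": regime["id"],
              "retentionYears": regime["defaultRetentionYears"],
              "conditionalRetentionDescription": None,
              "appliedConditions": None}
    for cs in regime["conditionalRetention"]:
        if matches(cs["conditions"], entity):
            record.update(
                retentionYears=cs["retentionYears"],
                conditionalRetentionDescription=cs["description"],
                appliedConditions=json.dumps(cs["conditions"], sort_keys=True))
            break  # first match wins; later sets are never evaluated
    return record

def shadowed_sets(regime):
    """Sets that can never apply: an earlier set's conditions are a subset."""
    seen, dead = [], []
    for cs in regime["conditionalRetention"]:
        keys = {json.dumps(c, sort_keys=True) for c in cs["conditions"]}
        if any(earlier <= keys for earlier in seen):
            dead.append(cs["description"])
        seen.append(keys)
    return dead
```

With the broad set first, a High Risk Norway entity receives the shorter period and the audit record shows only the jurisdiction condition, which is the signal to look for when reviewing applied conditions in reporting.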
Implications
- Existing Data Protection Regimes continue to behave as before where no conditional retention durations are configured.
- Offboarding outcomes are more auditable: the applied regime, retention period, and (where relevant) the evaluated conditions are captured for review and reporting.