Tons of data goes into SaaS platforms like Salesforce every day. Over time, this data will naturally become less valuable to your business and need to be deleted from your production environment, or eventually, from your archives.
That’s why, with thousands of records entering and leaving your system every day, it’s critical to have an official data retention policy documented.
Data retention refers to the management of data once it is logged on an application or system. A data retention policy helps a company determine what information needs to be stored, where to house it and how long to save it. Once the data runs its course, the company can delete it or transfer it to a separate archival site.
A well-defined data retention strategy can help your organization in several ways, such as:
Your data retention policy should look holistically at all of the data entering your SaaS platform. Pay attention to what kind of data you're retaining, the data’s sensitivity level, and regulations that may specify the minimum or maximum retention periods. After categorizing each object, you'll need to define when to reduce access to that data by deleting it entirely and when to move the data to your archives. Let's dive deeper into each step of the process.
2. Determine Applicable Regulations
Specific local, state, federal, international, or industry-imposed regulations, such as GPDR, LGPD, CCPA, HIPAA, and SEC 17a-4, have data retention requirements. Hopefully, your compliance, risk, and legal departments have already set retention policies for sensitive data that align with the applicable rules. Double-check with each of these departments to ensure you comply to avoid civil, criminal, or financial penalties.
Note: You'll also need to establish a backup retention policy to remain compliant with these regulations. Maintaining a schedule of removal will likely require an automated backup solution
3. Catalogue Your Data
To catalog your data, you'll need to get together with the stakeholders familiar with your org to map out the data within your orgs. Below is a simple example. This catalog will be a precursor to a broader discussion with decision-makers in your company.
For example, a software company may store customer contact information, which they consider low sensitivity and use for sales, marketing, support, and billing
4. Make Decisions
You’ll need to involve company decision-makers to create the appropriate policies. Here are the questions to ask those decision-makers as you review the data catalog designed in step three.
5. Document Policies and Actions
Document a retention query/statement for each set of objects/records. Let’s revisit our software company example in step three. If you defined that customer contacts need to be archived four years after their last purchase, you’d need to create a query of your contact object/customer contacts where the previous purchase date was four years ago.
Access to archives depends on your business drivers. If you're keeping the data in an archive for regulatory or internal policy reasons, you should limit access to those who need it for regulatory or auditing purposes. For companies archiving to reduce storage costs or clutter, you may want users to have more access to the data. How you implement your data retention policy will depend on which business driver is essential to your organization.
6. Implement Your Policy
Now that you’ve documented specific policies for each set of objects/records, you can create the technical documentation that includes a process for executing the queries to delete/archive the records. The process specifics will depend significantly on the archiving tool you’re using. Implementing your data retention policy can turn into a significant project without the right archiving solution.
OwnBackup Archive includes 99 years of retention and allows customers to create custom data retention policies that include specific data to be archived, how frequently data archiving activities occur, and how long archived data is retained. Once policies are configured, Archive removes specified records and attachments from production and securely stores immutable replicas to the cloud without changing the integrity of data relationships.
Contact us today to learn more about how OwnBackup Archive can help you create a more robust data retention policy.