Data Retention & Evidence
Proving you have consent. This section covers the "legal hygiene" of keeping a "logbook" of your consent—you must be able to prove who signed up, when they signed up, and from what IP address.
Questions about Data Retention & Evidence
Why do I need an email data retention policy?
How long should I keep subscriber data?
What data needs to be deleted when a user requests it?
How do I handle deletion requests securely?
What consent records should be stored?
How long should consent evidence be kept?
What are acceptable formats (logs, screenshots, timestamps)?
How do you prove consent in case of an audit?
What’s the difference between subscriber data and consent metadata?
How to handle expired or outdated consent data?
What are lawful grounds for retaining unsubscribed addresses?
How to securely delete contact data after expiry?
How to demonstrate lawful processing under GDPR Article 6?
How to keep audit trails for opt-in and opt-out events?
What is a retention schedule and who enforces it?