Papers containing sensitive information should be disposed of in an agreed manner, for example, using a shredder or by incineration.
Organization must document the retention periods for data sets and their possible archiving process (including archiving method, location or destruction). At the end of the retention period, the data must be archived or destroyed without delay in a secure manner.
When destroying data contained in data systems, the following points should be taken into account:
The process of archiving or destroying data is defined in connection with the documentation, and the owner of the data is responsible for its implementation.
Limiting the retention time is one of the principles of the processing of personal data. If the retention period of the data is not provided by law, when determining the retention periods, the following must be taken into account, for example:
Describe your own process for evaluating retention periods.
Unnecessary media should be disposed of in a safe, industry-accepted manner (such as by incineration, shredding or wiping) in accordance with formal procedures. Media that requires safe disposal must be clearly marked.
Data destroyed in accordance with the process should not be recoverable, even by forensic means.