Data de Retenção de Dados

Data retention deadlines

Retention is the question of how long you have to keep a record before you can delete it or strip its identifiers. The end date comes out of end = start + retention_period and then gets pushed to the legal cut-off, which is usually the last day of the year. In practice the tiers line up fairly predictably. Application logs sit around 30 days, full backups run 90 days, audit trails stretch to 7 years under SOX, tax records to 5 years, and medical charts to 20 years per CFM 1.821/2007. Disaster recovery adds two more numbers worth knowing: RTO (Recovery Time Objective) is how quickly you have to bring the service back, while RPO (Recovery Point Objective) is the most data you can afford to lose. Together they drive how often you back up and which tier you put things in.

Applications

Where this shows up: LGPD (Brazilian Law 13.709/2018) compliance work and data-minimization audits, HIPAA medical-record schedules in the US, BCB Resolution 4.658/2018 for financial institutions, ISO/IEC 27001 information-security controls, and the retention policies a DPO builds when matching each class of data to a legal basis.

FAQ

Does retention override the right to deletion? It does when a legal obligation is in play. LGPD Art. 16 lets a controller hold on to data even after the subject asks for its removal, provided a law or regulation requires it.

Backup vs. archive? A backup is there so you can recover quickly, so it gets a short TTL and a fast restore path. An archive is there as legal evidence, so it gets a long TTL and is written once. Don't run them on the same lifecycle.

What about anonymized data? Once it has been anonymized for good, with no way back to the original identity, it falls outside LGPD scope and you can keep it as long as you like for analytics.