Under GDPR, you need to apply data minimisation, that is to say, collect as little data as possible and only store for as long as you absolutely need it or as you are legally required to do so. Different data sets have different legal retention periods. For example, you should ask your insurance company how long you should store a client’s medical data. Staff data is another example of personal data you are legally required to retain for a specified period of time – even if that person requests to be ‘forgotten’ and to have all their data deleted.
You can set specific data retention periods in your Phorest system following these step-by-step instructions: