Back to dashboard
Generated schedule
EU Operations — GDPR Schedule
Technology / SaaS · European Union (GDPR) · Private Corporation
Records
5
Critical
1
High Risk
2
Pending Review
2
| Record Type | Retention | Trigger Event | Legal Basis | Citation | Risk | Review | Action |
|---|---|---|---|---|---|---|---|
Tax Returns & Supporting Documents Indefinite retention recommended for fraudulent or unfiled returns. | 7 years | Date of return filing | IRS Recordkeeping Requirements | 26 U.S.C. § 6501; IRS Pub. 583 | High | Pending Review | |
Personally Identifiable Information (PII) Document retention rationale; honor data subject erasure requests. | Until purpose fulfilled | Completion of processing purpose | GDPR Storage Limitation | GDPR Art. 5(1)(e) | Critical | Needs Revision | |
Contracts & Agreements Period varies by state; UCC contracts may have different periods. | Term + 6 years | Contract termination or expiration | State Statute of Limitations (Contract) | Cal. Civ. Proc. § 337 | Medium | Approved | |
Email Correspondence Subject to legal hold suspension when litigation is reasonably anticipated. | 3 years | Date sent or received | Internal Policy / Litigation Hold | Fed. R. Civ. P. 37(e) | Medium | Pending Review | |
Workplace Injury Records (OSHA) Forms 300, 300A, and 301 must be retained. | 5 years | End of calendar year of incident | OSHA Recordkeeping Standard | 29 C.F.R. § 1904.33 | High | Approved |
Reminder: This schedule was generated by an AI research assistant. Citations should be verified and the schedule approved by qualified legal counsel before adoption or use as a recordkeeping policy.