An important detail nobody is mentioning is that this is EU only due to privacy laws there. Sony still sucks, etc., but it’s important to get the facts straight.
Define how long each category of personal data is stored
Justify each retention period with a legal or operational basis
Ensure data is deleted or anonymised once the purpose ends
Document all retention rules in a clear and accessible format
Apply retention rules consistently across all data systems
Ensure third-party processors comply with the organisation’s retention instructions
They can define their own reasonable terms. Sony chooses to delete that stuff.
An important detail nobody is mentioning is that this is EU only due to privacy laws there. Sony still sucks, etc., but it’s important to get the facts straight.
Under the GDPR, every organisation must:
Define how long each category of personal data is stored Justify each retention period with a legal or operational basis Ensure data is deleted or anonymised once the purpose ends Document all retention rules in a clear and accessible format Apply retention rules consistently across all data systems Ensure third-party processors comply with the organisation’s retention instructions They can define their own reasonable terms. Sony chooses to delete that stuff.
Yeah, that. Other companies have even lower time limits.