Skip to main content
All Docs
FeaturesMaking Tax DigitalUpdated March 11, 2026

GDPR Data Retention Enforcement: Automated Purge & Archival

GDPR Data Retention Enforcement: Automated Purge & Archival

Release: v1.0.428 | Compliance control: GDPR-11 | Framework: UK GDPR

Overview

UK GDPR Article 5(1)(e) — the storage limitation principle — requires that personal data is kept no longer than necessary for the purposes for which it was collected. This platform's Record of Processing Activities (ROPA) defines three concrete retention periods for different data categories. As of v1.0.428, these periods are enforced automatically via Inngest scheduled functions, removing the compliance liability that arose from manual-only processes.

Retention Periods Enforced

The following retention periods are defined in ROPA document PA-001 and are now actively enforced:

Data CategoryRetention PeriodEnforcement Action
Financial records (transactions, submissions, tax calculations)7 yearsFlagged for archival review
Audit logs3 yearsSoft-deleted or anonymised
User account data (post-deletion)30 daysHard-deleted

Scheduled Jobs

Three Inngest cron jobs run automatically in the background. No manual intervention is required under normal operation.

1. Weekly — Audit Log Purge

  • Schedule: Weekly
  • Target: audit_log table entries
  • Threshold: Entries older than 3 years
  • Action: Soft-delete or anonymise the records, retaining the structural audit trail while removing personally identifiable content
  • Rationale: Audit logs contain user activity data. The 3-year retention window provides sufficient history for security investigations and compliance reviews without holding data indefinitely.

2. Daily — Orphaned User Data Purge

  • Schedule: Daily
  • Target: User data associated with deleted accounts
  • Threshold: Account deletion date more than 30 days ago
  • Action: Hard-delete all orphaned personal data linked to the deleted account
  • Rationale: The 30-day window allows for account recovery or dispute resolution before permanent removal. After this window, no personal data for the deleted user should remain in the system.

3. Monthly — Financial Record Archival Flag

  • Schedule: Monthly
  • Target: Financial records (transaction data, HMRC submission records, tax calculations)
  • Threshold: Records older than 7 years
  • Action: Flag records for archival review — records are not automatically deleted, but are surfaced for a human review step before any permanent action is taken
  • Rationale: Financial records are subject to HMRC retention requirements. The 7-year threshold aligns with standard UK tax record-keeping obligations. Flagging rather than automatic deletion ensures no records required for ongoing tax purposes are removed without review.

Compliance Implications

ICO Accountability

By automating retention enforcement, the platform can now demonstrate to the Information Commissioner's Office (ICO) that:

  • Storage limitation controls are systematic, not ad hoc
  • Retention periods defined in the ROPA are actively enforced, not merely documented
  • Personal data does not accumulate indefinitely beyond its intended purpose

ROPA Documentation

The three scheduled functions are documented within ROPA PA-001 under the security measures section. This ensures the ROPA reflects the actual technical and organisational measures in place, as required for accountability under UK GDPR Art. 5(2).

Reduced Compliance Liability

Prior to this release, data held beyond its retention period represented a continuous and growing compliance risk. Any ICO audit or subject access request would have exposed data that, by the organisation's own ROPA, should no longer exist. Automated enforcement closes this gap.

What This Means for Users

  • No action required. Retention enforcement runs entirely in the background.
  • Deleted accounts will have all associated personal data permanently removed 30 days after deletion. This is irreversible after the 30-day window closes.
  • Audit log history older than 3 years will be progressively anonymised on the weekly schedule.
  • Financial records are never automatically deleted — they are flagged for review, ensuring HMRC compliance requirements are respected.

Related Documentation

  • Changelog — v1.0.428
  • ROPA PA-001 (internal compliance document)
  • UK GDPR Art. 5(1)(e) — Storage Limitation Principle