Create Data Retention Policy for the Card system
The Card system holds personal data within the meaning of GDPR as it retains a copy of the image of the front and back of each card which include a photograph of the cardholder, a unique barcode and card number. The system also holds other unique identifiers relating to cardholders at the point each card is issued.
-
Business Analysis of Card data retention requirements -
Draft & publish Data Retention Policy -
Inform Card Committee of the Policy.