5.1 How long can research data with personal data be stored?

The GDPR requires that personal data is not stored for longer than is necessary to achieve the purposes for which they are processed (see the 'storage restriction' principle). However, personal data processed exclusively for research purposes can be stored for a longer period of time, provided that appropriate safeguards are taken, such as pseudonymization, and / or encryption. The GDPR does not specify how long research data may be stored. It is therefore up to the researchers to argue how long the data will be stored, to document this argumentation and to inform those involved about it.

It is also important to take into account the requirements regarding the retention of research data from your own institution, your research funder (s) and the journal in which you want to publish the results later.