GDPR: Should you keep potentially useful data or delete it?

Data from 17th century ships' logs is still used today in weather research. Under GDPR, should it be deleted?

IT leaders are struggling with the question of whether to delete potentially useful data in order to comply with the EU's impending General Data Protection Regulation (GDPR).

Though the industry is awaiting further clarification from the UK's data protection watchdog, the Information Commissioner's Office (ICO), the GDPR currently appears to mandate that data should be deleted once it has been used for the purpose for which it was collected.

But this will hamper academic research, most of which relies on older data from previous studies, and involves "standing on the shoulders of others," according to Ian Johns, head of architecture at King's College London.

Johns was speaking at Computing's recent IT Leaders Forum 'The GDPR: Ensuring you are compliant'.

"Researchers will be challenged by GDPR, most of it is standing on shoulders of others," he said. "There are ship logs taken in the 17th century on pen and paper that will be used in today's climate research. It's a challenge right around the world for research.

"I believe that while the burden lies with companies and DPOs [Data Protection Officers, a position which the GDPR mandates must be filled at firms above a certain size], not individuals to be GDPR compliant, there will always be risk and there'll always be problems," Johns argued.

Also speaking on the panel was Mark Dooley, IT director at Morgan Hunt.

"The power of the delete key is satisyfing at the moment," he said, referring to the need to remove older data to comply with GDPR. "There's a conflict between the requirements of GDPR, and big data needs which state keep as much as you can, because you never know when it might be useful in future. I've been raising this point, and I've never felt I've had a satisfactory answer. You're supposed to keep data only for the originally intended purpose," said Dooley.