We are looking at GDPR compliance in preparation to next year and one question that cropped up is how long we retain the member data for. Currently we don't delete inactive accounts in case a member comes back.
What is the best practice in this area? Should inactive accounts be deleted after a period of time (12/24 months after the last login)? And if account deletion is required, is there a scalable process in Lithium?
Hi @AbhishekIlindra, thanks for your reply, this is really useful information on GDPR and the process to manage PII. However my question is related to data retention, and more specifically on best practice on the retention period. To be completely clear: do you delete inactive member accounts? If so, after what period of time (12 months after last login)? If not, why not?
@Inactive User: As per my knowledge there is no option to delete inactive members automatically after a certain Time period.
Lithium provides an option to close the account. Check the below threads for more information
If my post is helpful and answers your question, please give "Kudos" and "Accept it as a Solution."
Thanks & Regards,
Best practice is indeed to recognize and welcome members again if they return even after longer periods. That means: No automatic contact deletion and no concept of "inactive accounts". That's why until GDPR cropped up there was no need for a "Account deletion API" that would allow to delete/close multiple accounts on batch.
Just to take a step back and thinking about what would be the benefit of deleting accounts: There's only one point that comes to mind is that it would free up community names that were used by those members. Other than that I can't really think about any other advantages. Inactive accounts don't cause any penalty on your community technical performance, their database size impact is neglectable as well. And from a metrics perspective there are filters available that allow you to ignore these members when compiling reports about community for certain periods.
As far as I am aware (and I'm not the GDPR expert at Lithium) there is no obligation to automatically delete user data after a certain amount of time. Do you have some different information here that made you think about the automatic account deletion, @Inactive User?
Hi @ClaudiusH, thanks very much fro your reply, really useful.
My question originated from a conversation with our legal team, their position is that it is fine to keep the registration active for a period of time in case a user might want to use the servuce again. However data retantion can't be indefinitive; for instance: our customer accounts remain active up to 12 months after the last tarnsaction and they are deleted after that. I was keen to understand if this had been doiscussed before on this community and whether there was a consensus on data retention.
Welcome to the Technology board!Curious about our platform? Looking to connect on social technology? You've come to the right place!