The following provides some examples of concrete measures that support the principle of storage limitation:

• At the time of designing a given processing activity, an organizational measure is to verify whether directly identifying data needs to be at all collected at all to fulfill the stated purposes.
• Pseudonymization and anonymization of data between processing steps are prime technical measures. They require the verification whether the remaining purposes after the completion of the processing step still require the same degree of identification of data subjects.
• When planning to issue authentication credentials to data subjects, an organizational measure is to verify whether it is sufficient to issuepseudonymous credentials. For example, issuing a random one-time-password during data collection may be sufficient to later support the right to withdraw consent.
• Designing a web site such that it refrains from setting cookies outside of the areas that require authentication avoids one way of identifying data subjects across sessions and can be considered a measure in support of storage limitation. (See Setting Cookies and Writing a Cookie Policy). Concretely, this may be done via an appropriate configuration of the web application (such as a content management system and its plugins) or web server.
• Operating an Internet-based service in a manner that permits users to connect via an anonymizing overlay network such as TOR^[1] avoids identifying data subjects via their (network) IP address and thus is a measure in support of storage limitation.
• Equipping a WiFi-enabled user device with MAC address randomization^[2] such as to prevent data subject from broadcasting unique identifiers.

 

 

References

---

¹See for example, https://en.wikipedia.org/wiki/Tor_(anonymity_network) (last accessed 18/5/2020). ↑

²See for example, https://en.wikipedia.org/wiki/MAC_spoofing#MAC_Address_Randomization_in_WiFi (last accessed 18/5/2020). ↑