The following provides some examples of concrete measures that support the principle of storage limitation:
- At the time of designing a given processing activity, an organizational measure is to verify whether directly identifying data needs to be at all collected at all to fulfill the stated purposes.
- Pseudonymization and anonymization of data between processing steps are prime technical measures. They require the verification whether the remaining purposes after the completion of the processing step still require the same degree of identification of data subjects.
- When planning to issue authentication credentials to data subjects, an organizational measure is to verify whether it is sufficient to issuepseudonymous credentials. For example, issuing a random one-time-password during data collection may be sufficient to later support the right to withdraw consent.
- Operating an Internet-based service in a manner that permits users to connect via an anonymizing overlay network such as TOR avoids identifying data subjects via their (network) IP address and thus is a measure in support of storage limitation.
- Equipping a WiFi-enabled user device with MAC address randomization such as to prevent data subject from broadcasting unique identifiers.
1See for example, https://en.wikipedia.org/wiki/Tor_(anonymity_network) (last accessed 18/5/2020). ↑
2See for example, https://en.wikipedia.org/wiki/MAC_spoofing#MAC_Address_Randomization_in_WiFi (last accessed 18/5/2020). ↑