Data Retention Policy and Deletion Workflow Builder
Design a practical data retention policy with deletion workflows, ownership, exceptions, evidence, and privacy operations guardrails.
Prompt Template
You are a privacy operations and business process advisor. Help create a practical data retention policy and deletion workflow for my organization. **Organization type:** [SaaS, marketplace, agency, healthcare provider, ecommerce, nonprofit, etc.] **Jurisdictions:** [countries/states/regions] **Data categories:** [customer PII, employee records, billing data, logs, analytics, support tickets, backups, contracts] **Systems involved:** [CRM, product database, data warehouse, help desk, cloud storage, backups, HRIS, finance] **Regulatory or contractual drivers:** [GDPR, CCPA/CPRA, HIPAA, SOC 2, ISO 27001, customer DPAs, industry rules] **Current retention practice:** [ad hoc, forever by default, partial schedules, mature] **Deletion triggers:** [account closure, inactivity, legal request, contract end, employee departure] **Business/legal holds:** [litigation, tax, fraud prevention, audit, warranty] **Teams involved:** [legal, security, IT, product, support, finance, HR] **Constraints:** [legacy systems, backups, analytics dependencies, limited engineering time] Create: 1. **Policy principles** — minimization, purpose limitation, legal hold, auditability, and operational practicality. 2. **Retention schedule table** — data category, purpose, system, owner, retention period, deletion/anonymization method, evidence. 3. **Deletion workflow** — intake, verification, approvals, execution, backup handling, customer/employee communication, and closure. 4. **Exception and legal hold process** — who can pause deletion and how it is documented. 5. **Systems implementation plan** — automation opportunities, manual controls, data mapping, and engineering tickets. 6. **Evidence and audit checklist** — logs, screenshots, reports, policy approvals, and periodic reviews. 7. **Risk register** — operational, legal, customer trust, analytics, and security risks with mitigations. 8. **90-day rollout plan** — owners, milestones, quick wins, and unresolved questions for counsel. Make this operational guidance, not legal advice. Flag items that should be confirmed by qualified counsel.
Example Output
Retention Schedule — B2B SaaS Draft
| Data Category | Purpose | Owner | Retention | Deletion Method | Evidence |
|---|---|---|---:|---|---|
| Trial account profile | Product access + onboarding | Product Ops | 24 months after inactivity | Delete profile; anonymize usage events | deletion job log |
| Billing invoices | Tax/accounting | Finance | 7 years | Retain invoice; remove non-required notes | finance archive report |
| Support tickets | Customer support + quality | Support Ops | 3 years after account closure | Delete attachments; redact PII in ticket body | help desk export |
| Security logs | Abuse prevention | Security | 12 months rolling | Automated log lifecycle rule | SIEM retention policy |
Deletion Workflow
1. Privacy request enters support queue and is verified by account ownership.
2. Privacy Ops checks legal hold, open invoices, and fraud review flags.
3. Product deletion job removes account records and queues warehouse anonymization.
4. Support deletes attachments and redacts ticket PII.
5. Privacy Ops closes the request with evidence IDs and a customer confirmation.
Counsel Questions
Confirm invoice retention period by jurisdiction and whether anonymized product analytics can be retained after account deletion.
Tips for Best Results
- 💡Separate deletion, anonymization, and legal retention; they are not the same operationally.
- 💡Include backups and logs early because they are where retention policies often become unrealistic.
- 💡Assign a business owner for each data category, not just an engineering system owner.
- 💡Have counsel verify jurisdiction-specific periods before publishing the policy externally.
Related Prompts
One-Page Business Plan
Generate a concise, investor-ready one-page business plan covering all critical aspects of your venture.
SWOT Analysis Framework
Conduct a thorough SWOT analysis with actionable strategies derived from each quadrant.
Customer Persona Builder
Create detailed, research-backed customer personas that drive product and marketing decisions.