section one

What is Data Retention?

Lead consultant at Test Partnership, Ben Schwencke, explains data retention.

0:50 Quickly understand what data retention means.

In the context of the GDPR and data protection more generally, data retention relates to how long personal data is stored for. Under GDPR, organisations are obligated to minimise the time that personal data is held for, minimising the risk of future data breaches. Consequently, organisations must draft an official data retention policy, outlining exactly how long personal data will be retained for and why.

When it comes to online assessments, candidates are typically required to provide personal information, most commonly their names and email addresses. Psychometric testing providers must therefore clearly outline their data retention policy, and ideally allow client users of the platform to designate their own data retention policies. However, due to the high-stakes nature of employee recruitment, organisations are within their rights to retain candidate’s personal information, often for several years if necessary.

Naturally, because these assessments are used to justify recruitment decisions, employers have both a legal responsibility and a legitimate business reason to hold onto this information, justifying a data retention policy of several years.

Employers must also remember that only the personal data is subject to the data retention policy, the candidates’ scores and results are not. Because the candidates’ responses to questions undergo transformation using several algorithms in order to generate standardised scores, candidates have no immediate right to their results on assessments, and employers are under no obligation to delete these results. As a result, psychometric testing platforms will typically anonymise the results, removing the personally identifiable data while retaining the scores themselves.