• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
easy GDPR - we make compliance with GDPR easy

easyGDPR

We make implementing General Data Protection Regulation Easy

  • Home
  • Services
    • Software
      • easyGDPR Quickcheck
      • (DEP) easyGDPR lite
      • (DEP) easyGDPR Standard
      • Data Subject Requests
      • Sophos
    • IT Security
    • network checkup
    • SME digitization funding
    • Data protection consulting
      • Data protection
      • Cybersecurity
    • Training
      • Data protection
      • Cybersecurity
  • Partner
    • Resellerprogramm
    • Affiliate programm
  • GDPR
    • GDPR News
    • FAQ
    • GDPR Decisions
    • GDPR penalties
    • GDPR legal text
  • Shop
  • Contact
    • Contact
    • Newsletter registration
  • Login
    • Shop / Affiliate Program
    • easyGDPR Software
  • German
  • English

Storage limitation according to DSGVO and retention obligation

15/01/2018 by Andreas Schindler

According to the GDPR, personal data must be stored in a form that permits identification of data subjects only for as long as is strictly necessary for the purposes of the processing. At the same time, there are many legal regulations that make it necessary to keep the data for a long time. This storage limitation is a “personal data processing principle“. Violations of these regulations fall under the GDPR 83 (5) into the category with the highest penalties.

It is therefore important to specify for all processing operations how long the data will be retained and how deletion or anonymization of the data can be ensured.

Longer storage is permitted, subject to the implementation of appropriate technical and organizational measures, for archiving purposes exclusively in the public interest,  for scientific and historical research purposes or for statistical purposes.

For Austria, the following retention obligations are relevant, among others:

I Accounting, tax and customs law:

  1. Obligation to keep records in accordance with tax law 
    § 132 Abs 1 BAO
    :  7years beyond that as long as they are of importance for the tax authority in pending proceedings)
  2. Obligation under company law to keep records in accordance with 
    §§ 190, 212 UGB
    :  7years
  3. Obligations to keep records under value added tax law 
    according to § 18 Abs 10 UStG
     
    (special provision for real estate): 22 years
  4. Obligation to keep records under value added tax law in accordance with 
    § 18 Abs 2 3. subparagraph
    :  7 years
  5. Records according to § 23 para. 2 Customs Law Implementation Act:  5years

II Contracting:

  1. Warranty according to § 933 ABGB: 2 years (movable objects),  3years (immovable objects)
  2. Purchase price claim for movable property according to § 1062 iVm § 1486 ABGB:  3years
  3. Purchase price claim for immovable property (e contrario § 1486 ABGB): 30 years
  4. Claims of rent and leasehold interest according to 
    § 1486 ABGB
    :  3years
  5. Claims arising from a contract for work and services pursuant to
     
    § 1486
     ABGB (if the service was rendered within the scope of a commercial or other business operation):  3 years
  6. General damages according to 
    § 1489 ABGB
     (compensation claims):  3years (if damage and injuring party are known) /otherwise 30 years (concerns in particular also accidents at work!)
  7. Liability claims according to § 13 PHG: 10 years

III Labor Relations:

  1. Entitlement to the issue of a certificate of employment according to § 1163 iVm § 1478 ABGB: 30 years
  2. Employment relationship according to ABGB (subsidiary to the Salaried Employees Act): Claims of the employee and claims of the employer for remuneration, advance payment and all other claims arising from the employment relationship according to § 1153 ff iVm 1486 ABGB: 3 years
  3. Employer’s rights of recourse against employee based on compensation for damages arising from employee liability pursuant to § 6 DHG in conjunction with § 1489 ABGB:  3 years
  4. Accounting-related employee data: same as accounting.
  5. Liability for severance payment claims and company pensions after transfer of business according to § 6 para. 2 AVRAG: 5 years.
  6. Limitation of social security contributions according to 
    § 68 ASVG
    :  3resp. 5 years
  7. Limitation of claims for payment according to § 1486 Z 5 ABGB:  3years
  8. Time limit for asserting general claims under the GlbG ((§§ 15 para. 1, 29 para. 1: e.g. differential payment, compensation for personal impairment, damages, inclusion in company training and further training, discrimination in other working conditions):  3years
  9. Records and reports on occupational accidents according to § 16 ASchG:  5years

IV Industry-specific Deadlines:

  1. Money laundering regulations according to § 365y GewO, § 51 BiBuG, § 21 Financial Market Money Laundering Act (FM-GWG):  5years
  2. Correspondence and business records of credit agencies according to § 152 GewO:  7years
  3. Waste records according to § 17 AWG iVm § 3 Abfallnachweisverordnung (ANV):  7 years
  4. Storage of consignment bills according to § 18 Abs 1 AWG 2002 iVm §8Abfallnachweisverordnung:  7years
  5. Retention obligations according to Art 36 of EU Regulation 1907/2006 (REACH Regulation): min. 10 years
  6. Retention of medical records and documentation in accordance with. § 51 para. 3 ÄrzteG: 10 years
  7. Retention of medical records in hospitals pursuant to. § 10 para. 1 Z 3 KaKuG: 30 years; X-rays, video recordings and other components of medical records whose probative value is not 30 years, as well as for outpatient treatment: 10 years
  8. Treatment documentation of medical masseurs and therapeutic masseurs according to §  3MMHmG: 10 years
  9. Retention of the budget book as well as the receipts for personal care workers according to § 160 GewO:  2years
  10. Guest directory sheet collections according to § 19 para. 5 Registration law-Implementing Regulation: 7 years
  11. Weekly report sheet according to § 4 Abs 4 Wochenberichtsblatt-Verordnung (training of young people to become drivers):  1year after termination of the apprenticeship relationship
  12. Storage of driver logbooks, driving times, etc. in accordance with §§ 17 Para. 5, 17b AZG: 24 months
  13. Retention of tachograph record sheets or data recorded by the recording equipment according to § 103 para. 4 KFG: 2 years
  14. Retention of working time records of train personnel according to § 18k AZG: 1 year
  15. Retention obligation for logbooks to prove the use of trial license plates according to § 45 para. 6 KFG: 3 years
  16. Storage obligations regarding speedometers, tachographs and odometers according to § 24 KFG: 2 years
  17. Obligation to keep the type certificate list according to § 30 KFG: 10 years
  18. Records of the training course of each learner driver after § 64b para. 8 and 8a Motor Vehicle Act Implementing Ordinance (KDV): 3 years
  19. Retention obligations of the temporary employment agency regarding temporary workers according to § 13 AÜG:  5years

You can find further deadlines under: WKO DSGVO storage and retention periods.

This list was updated on 15.1.2018. With this list we want to help you to find the relevant legal norms concerning the retention obligations. However, we cannot guarantee that the list is complete or accurate. We have set the links to the RIS so that wherever possible the latest version of the relevant law is displayed.

We are working on a list for Germany and UK. If you found errors or have information to complete this list, please let us know.

The EasyGDPR Online Assistant for the GDPR documentation contains this list. You can document the storage period and the legal reasons for the selected storage period with one mouse click.

Category iconFAQ

Primary Sidebar

IT-Security Whitepaper Downloaden
  • German
  • English
  • Data Protection Statement
  • Terms and Conditions
  • Imprint
  • Licence terms for easyGDPR
  • GDPR terms
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking "Accept", you consent to the use of ALL the cookies.
SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non Necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

functionality

Diese Art von Cookies erhöht die Benutzerfreundlichkeit unserer Website. Beispielsweise wird darin die von Ihnen ausgewählte Sprache gespeichert. Auch die Verfügbarkeit von Videostreams und sonstigem Inhalt kann von diesen Cookies abhängig sein. Wenn Sie diese Cookies ablehnen, ist die Benutzerfreundlichkeit eingeschränkt.

Save & Accept