I'm starting to think about the privacy notices I need to draft.
One aspect of these is informing clients of their right to be forgotten and the fact they can ask us as data controller to delete all their personal data (obviously, this will only apply to former / newly-departing clients).
Obviously, I can see the data protection logic of that but I must admit to feeling very reluctant to destroy data from the fairly recent past which may be needed in the event of an enquiry (notwithstanding that the client may have moved onto another agent), or any of the other million reasons why we're sometimes asked to extract old data / correspondence. I may be worrying unnecessarily but I would prefer not to put myself in a position where I can't answer something which I could have done pre GDPR simply because I have destroyed data which I wouldn't have done pre GDPR.
Anyone been through this iteration yet and come up with an answer / compromise / suitable text to include in the notice?