Securing personal data in the context of data retention

Data retention legislation has been adopted to address concerns related to national security and serious criminal activity. The legislation provides access to communication data for law enforcement purposes. However, according to the Data Retention Directive (DRD) personal data collected, stored or in any way processed in most European Union (EU) Member States (MSs) needs to be securely protected, to meet the requirements of data protection legislation. This study provides the results of (a) a survey on the national implementation of the DRD in six selected Member States on the requirements regarding technical and organisational security measures (in short ‘security measures’) and the implementation of the data security principles that are provided for in the Directive, and (b) a state-of-the-art analysis of the security measures proposed for the protection of personal data collected and stored in the context of the DRD. ENISA initiated this study following a request by the Directorate General Home Affairs (DG HOME) of the European Commission. This document aims at providing a set of recommendations for a common European approach on the security measures that should be taken in relation to retained data, taking into account existing specifications on security measures.


This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies