Skip to content


The Importance of Implementing Data Retention Policies and Scheduled Backups

By: Dataprise

Data Retention Backup

Table of content

Every business relies on data in some form, making its protection essential for maintaining operations, compliance with laws and regulations, and efficient resource utilization in the long term. Different types of data and business requirements necessitate data retention policies, which have evolved over time with advancements in data protection and archiving technologies.

It’s worth noting that data retention can also pertain to the duration personal information from electronic communications is retained and how it’s managed, as in the case of GDPR. However, this article primarily addresses the long-term retention of data for business continuity and regulatory purposes.

How do backups operate within a data retention policy?

The fundamental principle of data retention and archiving is to retain data from specific time points longer than others, typically on a weekly, monthly, and yearly basis. In the past, when tape media was the predominant backup storage method, it involved running periodic full backups to match these point-in-time requirements. These tapes were set aside as immutable backups, adhering to weekly, monthly, and yearly retention, until the retention period expired, at which point they were overwritten.

Various rotation schemes exist, with GFS (grandfather-father-son) retention being one of the most commonly used. These policies aim to strike a balance between retaining data for compliance while not incurring excessive storage costs.

With disk-based backup storage, it’s essential to manage available disk space efficiently. GFS policies specify how long weekly (son), monthly (father), and yearly (grandfather) backups are retained. Modern backup software automates this process, ensuring that each type of backup is kept for the designated time before either permanent archiving or deletion. Another approach involves sending data to a cloud backup provider, ensuring data protection that’s accessible from any location and complying with the 3-2-1 rule for backups, which involves having a copy of the data stored offsite.

Cloud Data: What data should be retained and for how long?

There’s no one-size-fits-all answer to this question. Data retention duration depends on your business’s location, financial or governmental requirements, and the nature of your operations. To ensure data security compliance, identify the locations of all workloads, assess the value and types of data through a business impact analysis, and establish retention policies for each category. Granular specification of these retention policies in your data protection software allows you to meet specific business needs without a uniform approach.

For instance, if you work in the healthcare field, retention requirements vary by state and depend on whether you’re a doctor’s office or a hospital, as well as whether the data pertains to adults or minors. The Code of Federal Regulations contains retention requirements for records that can be referenced when needed.

Examples of data retention policies:

Once you’ve determined the required retention types based on your business or federal regulations, it’s time to configure the backup, deletion, or archiving of documents accordingly. Let’s consider a fictitious example of HR payroll systems and records with a 7-year retention requirement:

Daily/Weekly Retention: Daily – 31, Weekly – 52.

Full backups occur on Saturdays, with daily forward incremental backup jobs. GFS retention flags weekly backups as “weekly,” preventing deletion or modification. Daily backups are automatically deleted after 31 days. Weekly backups remain untouched until the 53rd rolling week. After the 52nd week, the GFS flag is removed, and normal retention actions resume.

Monthly Retention: 12

The last weekly backup of each month is assigned a monthly GFS flag. In month 13, the earliest backup’s GFS flag is moved, and the backup is deleted while a new monthly backup is created.

Yearly Retention: 7

Yearly full backups are flagged during the last full weekly backup of the year. They contain weekly, monthly, and yearly GFS flags, with the highest tier taking precedence. The file system recognizes only the yearly GFS flag, and the rolling flag removal occurs again in year 8.

This example outlines a basic seven-year data retention policy that minimizes data storage while automatically freeing up space on backup storage.

Recent Tweets


Want the latest IT insights?

Subscribe to our blog to learn about the latest IT trends and technology best practices.