Install
openclaw skills install @mohitagw15856/data-retention-policyBuild a data retention and deletion schedule grounded in legal basis. Use when asked to create a data retention policy, set retention periods, plan data deletion/minimisation, or answer 'how long can we keep this data?'. Produces a retention schedule — data categories with their retention period, legal/business basis, deletion trigger and method, plus flags for data kept with no basis or no defined period.
openclaw skills install @mohitagw15856/data-retention-policy"Keep everything forever" is a liability, not a strategy — it grows breach exposure, violates data- minimisation rules (GDPR, CCPA), and turns every data subject request into an archaeology project. This skill builds a retention schedule that ties each data category to how long you keep it and why (legal basis), with a concrete deletion trigger — so retention is a defensible policy, not an accident.
Ask for these only if they aren't already provided:
1. Schedule — the core table, one row per data category:
| Data category | Retention period | Basis (legal/business) | Deletion trigger | Method | System(s) |
|---|---|---|---|---|---|
| Customer PII | 3y after account closure | Legitimate interest + GDPR minimisation | Account closed + 3y | Hard delete | App DB, backups |
| Financial records | 7y | Tax law (statutory minimum) | End of fiscal year + 7y | Archive then delete | Finance system |
2. Principles — the policy stance: minimise by default, the shortest period that satisfies the basis, and that retention applies to backups and logs too.
3. Deletion mechanics — how deletion actually happens (automated job vs. manual), how it cascades to backups, and how it's evidenced.
4. Flags — categories with no defined period or no legal/business basis (these are the risk — data you can't justify keeping).
scripts/retention_schedule.py (stdlib only) validates a schedule and flags categories missing a
period or a basis, and (given a closure/event date) computes the earliest deletion date:
# data.json: [{"category":"Customer PII","retention_months":36,"basis":"GDPR minimisation","event_date":"2024-01-15"}, ...]
python3 scripts/retention_schedule.py data.json
python3 scripts/retention_schedule.py data.json --json
Data-minimisation practice — GDPR Art. 5(1)(e) storage limitation, sector retention statutes, and defensible-deletion principles.