Data Minimization

Within Bloomreach Engagement our features allow you to control your client data in order to stay in compliance with GDPR and data protection.

Retention of data

The collected data should be kept for only as long as it is necessary for the purposes for which it is being processed. As the controller of the collected data, you have control over it and, hence, you are responsible for setting appropriate retention periods for them. This applies to both customer properties and event attributes.

Keeping data for just as long as it is necessary for the processing purposes might seem vague at first. However, the vagueness is intentional to allow application on an infinite number of cases, using common sense. Each case will be distinct and expiration limits should be considered, however, we have provided our own recommendations here.

Example 1 - Consent given for a specific time period
Sometimes the retention period is clear. For example, if the client gives you consent to process their data solely for the purpose of participating in an online competition, you should set the data expiration for the date when the competition ends. Similarly, if you are using legitimate interest for processing the data its purpose usually has a clear expiration date.

Example 2 - Consent given for unlimited time period
Often, the clients give you consent for a time period which is seemingly unlimited. For example, this is the case when your customers give you consent to use their data for analytics. Though the consent does not seem to have an expiration date, you cannot keep the data after it is not useful for your analytics. If you kept the data that you collected years ago it would be very hard to argue that it is useful for any relevant analysis today.

Data expiration

You can define custom expiration for each type of event (e.g.,page_visit, purchase). These events will be automatically deleted when they pass their expiration period. To set your expiration periods, go to Data & Assets > Data manager > ... > Expiration just as in the image below.

📘

Efficient Engagement usage

Data expiration is particularly useful in optimizing your data storage (Maximum Event Storage, MES). Learn more about how to efficiently use this platform to get most out of your Engagement experience in this best practices article.

Recommended expiration periods

In the following table, you can see the recommended expiration periods for your events, which you can use as a baseline for your project. However, remember that these are just a starting point, and these may differ across industries and specific projects. What matters is whether you can justify the particular expiration period in your particular project and its purposes. These purposes include collecting evidence for a possible data protection inquiry (unlimited retention period), making analyses that take into account seasonability (13-month retention period), recommendations and predictions (3-month retention period), and many more.

EventRetention period
first_sessionforever
session_start13 month
session_end1 month
page_visit1 month
banner6 months
campaign13 months
purchaseforever
purchase_item13 months
cart_update1 month
checkout1 month
view_item3 months
view_category3 months
consentforever
double_opt_in1 month
ab test6 months
survey12 months
merge3 months
experiment6 months
anonymizationforever

📘

These expiration periods are based on an example of a specific industry. The ideal expiration periods may differ for different projects and cases. If needed, make sure to adjust these periods to your specific case. Remember to always consult your CSM before making any changes in an existing project to prevent deletion of important data.

Some of the recommended periods are set so as to ensure your website and customer knowledge can operate smoothly. One example of this is keeping a customer’s consent preference forever which ensures that your customers are not asked multiple times if they consent or are incorrectly contacted.