Retention strategy for audit events

In context of discussing the database design for audit events, branching off the topic about data retention here:

What is a data retention policy for audit events? How long do we intend to keep this data and when is it possible to delete?

---

Summary of the discussion

• Retention policy should follow the most strict case. Flat-policy of 7 years would be acceptable for now.
• Customers should get ample notification to download data before it is deleted