“A data retention policy is a set of guidelines that dictate how long an organisation keeps data and how it is securely disposed of when it is no longer needed. It “
We are making a change to how backup retention is managed for customers using our NinjaOne powered backup service for Microsoft 365 or Google Workspace tenants.
Until now, some customers have never asked us to set a retention period, but from this point forward, all customers must choose a default retention policy for their backed up data.
What is a data retention policy?
A data retention policy is a set of guidelines that dictate how long an organisation keeps data and how it is securely disposed of when it is no longer needed. It helps answer three key questions: what data needs to be kept, how long it must be kept, and what happens when that time runs out.
The main benefits of having a retention policy in place include:
- Legal compliance – meeting obligations such as GDPR or sector-specific regulations that require certain records to be kept for defined periods
- Risk management – reducing liability by not holding data longer than necessary
- Operational clarity – giving clear guidelines on what should be kept and what should be deleted.
What is a default retention policy?
A default retention policy is a mandatory, organisation-wide baseline rule that applies to all data backed up with this service. It ensures data is not accidentally removed before its time, and equally that data is not retained indefinitely without good reason.
Which retention period should you choose?
You must select one of the following options:
- 14 months
- 4 years
- 7 years
- Unlimited
We recommend consulting a legal or compliance professional before making your choice, as requirements vary depending on your sector and circumstances.
When does data get deleted?
Retention policies take effect as soon as they are applied. Any data that already exceeds the chosen retention period will be permanently deleted within 24 hours and cannot be recovered. Please bear this in mind before selecting a shorter retention period.
Data age is calculated differently depending on the workload:
- For email, age is based on the date the message was received
- For OneDrive and SharePoint, age is based on the last modified date of the file or item
What do you need to do?
Please get in touch to let us know which retention period you would like set for your account. If you are unsure which option is right for your organisation, we are happy to talk it through with you.
This is NOT your Microsoft 365 or Google Workspace data retention policy!
It is important to note that this retention policy applies solely to the data held within the backup service itself — it has no effect on your Microsoft 365 or Google tenant or the data within it. Emails, files, and other items in your live environment are entirely unaffected. The policy only governs how long copies of that data are retained within the backup platform before they are automatically removed.