July 2026: Postroom - Automated GDPR redaction
Protect personal data with automated GDPR redaction
Keeping personal data for longer than necessary can increase compliance risk and create unnecessary data retention overhead. The Postroom Data Redaction feature helps reduce that risk by automatically removing recipient personal information from collected item records after a configurable retention period, while keeping the delivery record itself for audit and history purposes.
What it is and why it matters
Postroom Data Redaction is a new feature that automatically removes recipient personal data from item records once your chosen retention period has been reached.
This helps organisations support GDPR data minimisation requirements and align Postroom records with internal retention policies. Rather than retaining names, company details or location information indefinitely, you can now define how long that information should remain available before it is redacted.
The key benefit is that your organisation can preserve an audit trail of deliveries without continuing to store personal data longer than necessary. This supports compliance, reduces exposure, and gives administrators more control over how recipient information is handled over time.
When to use this
This feature is useful when your organisation has a policy requiring personal data to be removed from operational records after a defined period.
It is particularly relevant if you:
-
operate under GDPR or similar data minimisation obligations
-
have internal data retention policies that limit how long recipient details should be stored
-
want to keep proof of delivery activity for audit purposes without retaining unnecessary personal information
-
need a more consistent and automated approach to postroom data handling
How it works at a high level
Administrators can configure a retention period in Client Settings.
Once that retention period has passed, Postroom automatically redacts the selected recipient data from the item record. This can include recipient names as well as company or location details, depending on how the setting is configured.
The item record itself remains in the system, so your organisation still has access to its delivery history and audit trail. Only the relevant personal data fields are cleared.
A few important points to note:
-
redaction happens automatically once the retention period is reached
-
the original personal data cannot be restored through the user interface after redaction
-
reporting and item tracking are not affected by the removal of these fields
Best practice tips
To get the most value from this feature, we recommend the following:
Agree your retention period internally first
Work with your data protection, compliance or governance team to decide on a retention period that reflects both your regulatory obligations and operational needs.
Start cautiously if needed
If you are introducing redaction for the first time, consider starting with a longer retention window, such as 90 days. This gives teams time to deal with late queries before moving to a shorter period if appropriate.
Redact all unnecessary personal fields
Where possible, enable redaction for both recipient and location-related fields unless there is a clear business reason to retain one of them for longer.
Review the setting as policies evolve
Retention requirements can change over time, so it is worth reviewing your configuration periodically to make sure it still aligns with current policy.
Communicate the change to administrators
Because redaction is irreversible through the UI, make sure relevant teams understand how the feature works before it is enabled.