In this article, the author provides three versions of a data retention policy that appears compliant with GDPR or NIST. After taking NACVA’s cybersecurity course, a student reached out to me asking for a Data Retention Policy template that would be compliant with the statutes and frameworks discussed in the course, such as the National Institute for Standards and Technology (NIST) Cybersecurity Framework or the EU’s General Data Protection Regulation (GDPR). I thought this may be a good question for large language models because the subject matter is old enough that there is a sufficiently large amount of material available…