The length of time an organization retains different categories of data, which is often set by a data retention policy. Some regulations require indefinite retention of certain data (such as SEC Rule 17a-4’s requirement to preserve electronic records in a “non-erasable format”). Other regulations require the deletion of certain data (such as the GDPR’s “right to be forgotten”).