Data portability and responsible retention are key tenets of modern data governance and compliance frameworks. The Data Export & Retention settings within the CVD Portal allow administrators to manage the lifecycle of their vulnerability data, ensuring alignment with internal policies and the specific data handling requirements of regulations like the Cyber Resilience Act (CRA).
The export functionality allows you to generate comprehensive archives of your vulnerability records, audit logs, and communication histories in standard formats (such as CSV or JSON). This is essential for migrating data to internal cold storage, conducting offline analyses, or providing comprehensive records during regulatory investigations.
Additionally, administrators can configure automated data retention policies. While the CRA requires maintaining records of vulnerabilities and remediation decisions for defined periods, holding onto highly sensitive exploit data indefinitely poses its own security risks. The portal allows you to define policies that automatically redact or purge specific vulnerability details after a set number of years, balancing compliance requirements with the principle of data minimization.