According to the GDPR, you have the right to store personal data for as long as it is needed for the original purpose. This means that data must be deleted as soon as the original purpose no longer exists. This prevents the accumulation of large amounts of data for which there is no longer a legal basis.
What does this mean in practice?
In theory, I have to delete participants' data after an event, unless there are other legal requirements that force me to keep the data for longer. A good example is personal and financial data. Depending on the country, these must be kept for a period of several years. Similarly, data from ERASMUS+ projects must be kept for 5 years as proof for the national agency.
What does this mean for my participant data? I need to check whether there are any regulations or retention periods that oblige me to keep the information for longer. If not, I am obliged to delete it.