Where the purpose for keeping personal data has lapsed, the data controller shall destroy the personal data and render the personal data inaccessible as soon as reasonably practicable, in accordance with the Regulations.