Comment by GJim
2 hours ago
> uniformly the business side asks for every single piece of data possible to be collected and kept in case they need it.
True, though collecting and keeping unnecessary _personal_ data is very much a liability under the GDPR.
Also it's increasingly a liability for potential ransom. The less sensitive data you keep, the lower your exposure to ransom demands, even if your systems have vulnerabilities (hint: they all do).