Image by


The volume and complexity of digital data generated by companies and their customers are exploding rapidly. Companies recognize the competitive advantages that can be gained from better understanding their data and want to unlock the full value of it within their systems. 


Setting up systems and processes to get full insight from data and effectively executing these plans are the newest frontiers in business strategy. An end-to-end understanding of how and what data is created, shared, transformed, consumed, and eventually destroyed within the organization is critical. Information governance is an essential component of a robust information security program. 

An active and fully operational information management plan helps you:

  • Ensure compliance with regulatory requirements 

  • Increase efficiency while also increasing security and internal controls 

  • Bring consistency across the organization on information governance – for example by integrating your records and information management programs with privacy and other compliance programs 

what is data minimization_.png

What is data minimization?

Data minimization is the practice of limiting the collection of personal information to what is needed for the intended purpose. Article 5(1)(c) of the GDPR states, “personal data shall be adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed (data minimization).” Though not mandated under the California Consumer Privacy Act (CCPA), data minimization is a requirement under the California Privacy Rights Act (CPRA).

Embracing data minimization will save time, money and reduce risks for the organizations. Excessive data not only makes them vulnerable to privacy breaches but also makes it difficult to store and manage data. In 2019, the electronic payment company UAB Mister Tango was penalized by the Lithuanian State Data Protection Inspectorate (VDAI) for collecting excessive data and storing it longer than necessary. The case marked the first administrative fine in Lithuania for violation of GDPR, emphasizing the fact that data minimization requirements need to be met diligently.


Embracing data minimization, as one of the most important tools in the toolbox for privacy, shows an organization’s commitment to privacy. Companies do not utilize 90% of the data collected either due to technology limitations or feel the data is not appropriate for decision making. Companies need a clear understanding of data being used and not being used. Furthermore, the value of data diminishes with time. Deleting obsolete data on a regular basis will ensure the availability of current and accurate data for analytics.

Retention Management
Retention Management

press to zoom
Business Functions
Business Functions

press to zoom
Retention Management
Retention Management

press to zoom

Our Services 

We provide solutions spanning the entire IG spectrum and with the right mix of technology and process. Our industry-leading Data Map technology provides a platform that allows our customers to build sustaining information governance programs. Our workflows help to govern the entire data footprint across cloud, on-prem and third parties and highlight critical areas to review. 

We integrate requirements from business, privacy, and retention to give you a comprehensive view to manage compliance. Auto classification allows retention policies to be actionable and dynamic. Retention schedules can be associated with data sources and incorporate requirements by jurisdiction. 


We also bring a wealth of consulting experience across different industry sectors to help our customers rapidly augment their Information Governance efforts. We have helped with assessments of the current state and benchmarking around Information Governance. 

Why Retention Management is Important 

The importance of properly governing and managing the data has been widely realized. But it is also important to dispose of the data properly after its useful life. Defining and governing retention is indeed a key aspect of comprehensive data lifecycle management. Well-managed retention processes will be in concert with data classification efforts and will allow flexibility to define appropriate retention schedules based on the type of data, business, and regulatory requirements. 

Regulatory environments are constantly changing with the increasing focus on data. The worlds of records, data, privacy, and security are intertwined and need to be managed more carefully. Retention is a critical aspect of this for:  

  • Complying with Regulatory Requirements: Regulatory requirements often immediately drive the retention of data. This has always been the case in heavily regulated sectors like Financial Services and Healthcare. Of late, privacy regulations like GDPR and CPRA have emphasized the importance of having a comprehensive retention plan for sensitive personal information.

  • Reducing redundant, obsolete, and trivial data(“ROT”): Identifying and deleting redundant, obsolete, or trivial data that gets generated routinely will help us to focus on data that matters.  

  • Security and Costs: Timely disposal of unwanted data considerably improves the security posture of the company. It drives significant reductions in eDiscovery costs, storage, and licensing costs.