The Lounge is rated Safe For Work. If you're about to post something inappropriate for a shared office environment, then don't post it. No ads, no abuse, and no programming questions. Trolling, (political, climate, religious or whatever) will result in your account being removed.
This general concept is discovered frequently in the group I work in.
We collect operating data, not necessarily personal data, from various pieces of equipment, sensors, meters, etc. And we keep that data... seemingly forever.
We do have some regulatory requirements to hold certain data for 'X' number of years; after that time period, we can LEGALLY dispose/delete the data.
If we delete the data as we are allowed to do, then, in the event of a legal action, we cannot provide data we don't have - which may benefit the company.
However, from the perspective of seeing how something performed over time, we may need more than 'X' number of years of data to see a long term trend... think of very large turbines for example. They may have a service life of 20 to 30 years.
So... it is an interesting topic to say the least.
Where I work its in house development of Insurance back office system. We hold regular audit reviews by each department team leader(s).
Our parent company then on top of that have Yearly company audits and then Group Internal Audits every 2 years repeating depending on how you fair with the audit.
We also have security audits on top of that which look at the access of property / systems etc.
Every day, thousands of innocent plants are killed by vegetarians.
Last year we were tasked with reverse engineering a legacy app, we could not find anyone willing to admit they owned the data and that was from the POV of we want to fix this for you, not you f***ed up and we want to put your ass in a sling.
So I guess DP was low on their priority list (there was no personal data involved).
Never underestimate the power of human stupidity
This may (or may not) have been said already. As a database administrator, we were always told that WE were the custodians of the data, but the Application team OWNED the data. Meaning, we were responsible for the routine maintenance, consistency, and availability of the data while the Application team was responsible for the Content