[GJim]

> uniformly the business side asks for every single piece of data possible to be collected and kept in case they need it.

True, though collecting and keeping unnecessary _personal_ data is very much a liability under the GDPR.

[SoftTalker]

Also it's increasingly a liability for potential ransom. The less sensitive data you keep, the lower your exposure to ransom demands, even if your systems have vulnerabilities (hint: they all do).