Many companies neglect the issue of data quality

Secure and legally compliant data deletion
By Oliver Rozić*

Companies are collecting more and more data in order to evaluate it and derive important insights from it. However, sophisticated data analysis tools are of little use if the data quality is poor. Businesses therefore need clear guidance on how and when data is retained and legacy data is deleted.

Outdated, inaccurate and incomplete data reduces the validity of analyses, causes additional work and can be a security concern.

Businesses are collecting more and more different data and using more and more channels to interact with their customers. This often leads to fragmented silos of data that can only be opened up and brought together with great effort. In this context, there is a high risk of creating inaccurate, incomplete and outdated datasets, which will reduce the relevance and timeliness of the insights gained in the analyses.

From a legal perspective – keyword: General Data Protection Regulation (GDPR) – the complexity has increased. This applies in particular to the issue of data deletion. According to a study by data retention specialist Blancco, almost all (96 percent) of the more than 1,800 companies surveyed worldwide have guidelines for data handling and deletion. However, most of them fail to fully convey these guidelines to their employees. In Germany, this is the case for half of the survey participants – with notable implications for the operational handling of information collected by the company.

Sensitive corporate data can fall into the wrong hands

In many companies, this leads to a false sense of security in handling data – especially when it comes to deleting it. As the study further shows, deletion often takes the form of purely physical destruction of data carriers or of erasure or formatting processes. However, data on hard drives that have merely been formatted is relatively easy to recover and can potentially end up in the wrong hands.

A similar risk also exists when employees leave the company or when obsolete laptops, desktops, hard drives or server hardware are destined for disposal. According to the study, about half of the old devices are disposed of by third parties and thus removed from the company’s sphere of direct influence. If devices are stored for a long time before being erased, or there is insufficient documentation about data that was securely erased, companies can quickly find themselves having to explain themselves.

In this context, simply formulating guidelines for data compliance and protection as well as data handling and deletion is not enough. Companies working with data and its analysis also need clear personal responsibilities for data capability and data security – for example in the form of a CDO (Chief Data Officer or Chief Digital Officer), who supports the implementation of the corresponding guidelines, promotes compliance with them, and communicates and mandates the necessary procedures.

How do you delete data safely and legally?

Secure and legally compliant data deletion:

  • The first thing you need to do is set the framework conditions. This includes setting standards for availability, use, data quality, access, security and data protection.
  • Responsibilities for implementing the guidelines and monitoring compliance must be clearly assigned.
  • Cleansing and deletion deadlines for personal data, as well as retention periods, should also be specified in the framework conditions. Legal requirements (e.g. GDPR) must also be taken into account.
  • The previously established guidelines must be communicated throughout the company and all employees must be made aware of the issue of data quality.
  • Your data deletion policy should cover all IT assets – including smartphones, tablets, computers, servers and virtual infrastructure.
  • It is important that devices with sensitive data do not leave the company or data center environment – this is especially true since, with hybrid working models, private and business use of end devices can no longer be clearly separated.
  • Even with old devices, care should be taken to ensure that their data remains within the sphere of influence of the respective company’s IT infrastructure – for example in case of recycling or donation. In these cases, the data should be deleted from the devices on site and the deletion should be proven with a corresponding certificate.
  • If an external provider undertakes the disposal of old devices, they should create a full chain of evidence detailing how the goods have been handled since they were received. In this case, it is advisable to issue a data destruction certificate for each device.
  • Devices should preferably be disposed of within 24 hours of the end of their useful life.


Data deletion is an ongoing learning process for everyone. Secure and legally compliant data deletion no longer affects only IT or data managers, but many departments and employees. Therefore, in addition to relevant measures, regular training and internal feedback loops are important to ensure that the guidelines are properly implemented across all departments and among all employees, colleagues, freelancers and partners.

Oliver Rozić, VP of Product Engineering at Sage.

Like digitization itself, the journey to clean and well-kept data is an ongoing process that cannot be implemented overnight. But it’s important to start today.

* The writer Oliver Rozić is VP of Product Engineering at Sage

