
Walk With Me: The Hidden Risk in Keeping Too Much Data

In my last blog, I spoke about data breaches - how sometimes the biggest risks come not from hackers, but from the everyday mistakes we never see coming. 


But while I was learning about breaches, another theme kept popping up in conversations with our Compliance Lead and clients: We keep too much data. 


Not intentionally. Not maliciously. Just… gradually, quietly, over time. 

And the more I listened, the more I realised just how risky that habit can be. 

 

The moment it clicked

I always thought holding on to data was harmless, almost helpful. “Just in case we need it one day,” right? 


But here’s what I didn’t consider: Every piece of data you store becomes something you’re responsible for. 


This includes: 

  • Old data

  • Duplicate data

  • Data no one remembers collecting

  • Data that no longer has a purpose

It all becomes part of your risk. 


When I heard this for the first time, it hit me harder than I expected. Because suddenly I could see the problem everywhere - in systems, spreadsheets, inboxes, folders, shared drives… 


It's easy to forget that outdated information is still personal information. And if your business can’t explain why you’re keeping it, you probably shouldn’t be. 

 

What I’m learning about data minimisation

Data minimisation sounds like a technical term, but it’s actually quite simple: 

  • Only collect what you need

  • Only keep what you use

  • Delete what no longer serves a purpose

 

The challenge isn’t understanding the principle; it’s creating the habit. A habit of asking: 

  • “Why are we collecting this?” 

  • “How long do we actually need it?” 

  • “Do we still have a lawful reason to keep it?” 

  • “What happens if we delay deleting it?” 

 

Because the longer you keep unnecessary data, the more exposed you become. 

 

Why retention matters

This is the part that surprised me most: Retention isn’t only about storage, it’s about risk. 

 

Keeping data for too long increases: 

  • Cost - storage, maintenance, security 

  • Legal exposure - especially when laws require deletion 

  • Breach impact - more data = bigger damage 

  • Reputational fallout - because people expect you to protect their information 

 

And yet, many organisations still run on the mindset of “save everything”. 


What I’ve learned is that deleting data isn’t a loss - it’s a form of protection. A way to reduce risk before anything even happens. 

 

Developing a new mindset

As I continue shadowing compliance discussions, I’m realising that data retention isn’t about ticking boxes. It’s about intentionality. 

 

Replacing: 

  • “Keep it, we might need it.”

with 

  • “Keep it if we have a purpose.” 

 

  • “We’ll delete it later.”

with 

  • “We delete according to a defined schedule.” 

 

It’s a quieter part of data privacy, not as dramatic as breaches or as complex as global regulations, but it’s foundational. 


And honestly? It’s one of the easiest places to start improving. 

 

Walk with me

I’m still learning how organisations design retention schedules, how they decide what stays and what goes, and how they shift the culture from “collect everything” to “collect responsibly.” 

 

So, like the rest of this journey, I’m not sharing this from the top of the mountain. I’m sharing it while still climbing, noticing new things with every step. 


If you’ve ever wondered whether your business keeps too much data, or struggled to decide what should be deleted and when, walk this part with me. 

Together, we can learn how letting go of unnecessary data isn’t just tidy - it’s protective. 



The Hague, Netherlands | Johannesburg & Cape Town, South Africa


At Pétanque NXT your abundance is our aim. We are management consultants who focus on strategy and process with expertise in project and change management, using our award-winning storyboard process mapping methodology to help you make change happen.
