By Amanda Regnerus, EVP, Product, and Services, US Signal

The world’s data is growing at an astonishing rate. In fact, it is predicted that by 2025, the world’s data will have grown to 175 zettabytes, with approximately 463 exabytes created each day. As the world’s data grows, however, so does the need to store it for regulatory, legal and other reasons. There is a current groupthink, due to recent laws such as the GDPR and CCPA, that all data has to be stored but this is incorrect. Not all data needs to be kept forever; unnecessary data storage takes up valuable space and increases costs.

It is important to determine what data is definitely needed to be stored and which you can let go of. A clear, comprehensive data retention policy can help you determine that, as well as how accessible it should be, how long it should be stored, and what to do with it when it’s no longer needed. A data retention policy can also be useful in determining shaping a company’s data backup plan as it helps you to review and decide what data needs to be backed up, how often, and where it needs to be stored.

If you are developing a data retention plan for the first time, or have just decided that your current one needs a refresh, there are some important steps and best practices to consider when doing so. Allow this article to be your ‘checklist.’

Data audit

The first step to developing a data retention plan is to conduct a data audit. A data audit is the process of assessing what data you have and determining if it fits the given purpose. Running a data audit includes reviewing all types of files such as documents, emails, online shopping cart data, lists of social media fans and followers, customer records, spreadsheets, receipts, financial reports, tax documents, images, videos, and much more (including data stored by third parties).

Once you’ve identified all your data, the next step is to identify where it is being stored, who has access, who needs access to it, and what it is being used for. You should also evaluate how often it is accessed and used. Once you’ve done all of this, the aim is to prioritize the data based on its value to the company.

Legal requirements

With governments taking a deeper look into how data is used and stored, it is important to review the legal requirements for retaining data, as well as taking note of all the current and upcoming laws and regulatory requirements that affect your company’s data. This means that when developing your data retention policy, it is key to work with your company’s legal team to determine what kinds of data must be kept, how long it should be kept for, and how best to dispose of the data.


Categorizing your data will greatly help with this process. You should start by separating the data into four categories: 

  1. Data that must remain live
  2. Data that must be retained but has to be easily accessible
  3. Data that must be retained for various lengths of time
  4. Data that you’d like to keep but aren’t required to keep. In this case, you should determine if the desire to keep certain kinds of data is worth the cost of keeping the data

Once the data has been separated into these categories, you should then identify the data that must be backed up for disaster recovery and business continuity purposes.

Calculation of storage needs

Calculating how much storage space you have will help to determine if you need to free up server space, cut down on clutter, or find more affordable options. It may even bring to light that your company is in need of storage expansion.

When you are doing this, you should look into if your company’s legal or compliance requirements require that data has to be stored off-site. You may be surprised to know that most regulated industries have a stipulation for this. However, given how laws are evolving regarding data, it may be in your best interest to have an internal stipulation for this even if you are not a company that resides in one of these regulated industries.

Storage options

This step requires you to review and assess which storage option would best suit your company’s data needs; you may even discover that your company requires tiers of various types of storage to accommodate different retention times or data types.

It is important to review the different types of data storage options that include:

  • Object Storage – computer-based data storage that manages data as objects. It benefits from being able to be scaled with almost infinite capacity.
  • File Storage – this option stores data in a hierarchical construct. It offers unmetered data transfer in and out of the storage array.
  • Disks – this option is where data is stored on spinning disks that use various electronic, magnetic, optical, or mechanical changes to store the data on a surface.
  • Tapes – this option is cheaper than cloud storage and uses less energy than disk storage. It is great for off-site storage.


Once you are ready to implement your company’s new data retention policy, it is important that it includes various fields so that it covers all data and use cases, such as user, department, folder, file type, and data type. You should also ensure that specific rules are laid out for employees, which clearly detail how to retain data and how to move it to different storage tiers.

You can opt to have an internal system to implement these rules, or you can use automated software to enforce the retention rules.


Lastly, ensure you document everything! Whether for compliance purposes, your disaster recovery plan, or just for keeping your staff informed, it is important that all data activities are documented clearly and stored in an accessible place.

Following these seven steps will help to set your company up to deal with the growing reliance on data that modern businesses have, as well as to ensure that you are prepared to comply with all data-based laws. As the world’s data grows, it is important that your company’s ability to handle it grows too.

About the Author 

Amanda Regnerus serves as EVP, Product and Services, US Signal. She oversees product development, marketing, and professional services for the organization. She works directly with strategic prtnerships like to develop effective GTM strategies that increase revenue in diverse product sets and is also involved in defining/driving the business plan and positioning for our products and services. Twitter: @ussignalcom