A variety of tools are needed with which the data can be
1. Localized, irrespective of whether this means emails or files or whether the information is kept at a local storage location, in a data center or in a cloud environment.
2. Indexed, classified and therefore made searchable.
Once the company is familiar with the data and its contents, it is necessary to 3. implement standardized storage and data minimization in the meaning of the GDPR. The crux of the matter is to root out duplicate datasets from multiple sources in a variety of storage locations, transfer them to a central archive storage and to manage them there. Familiarity with the current data simplifies the search for information in the case of an audit. It is also possible to define policies and configure the system to ensure compliance and audit-proofing.