Why Data Deletion Is Still a Struggle—and What Businesses Must Do About It
In an era where privacy regulations like GDPR and CCPA have made data deletion a legal obligation, many organizations still find themselves struggling to fulfill these requests. The biggest challenge? The data itself.
Data proliferation across martech stacks, CRM systems, shadow IT, and siloed repositories has made it nearly impossible for businesses to know what data they have, where it lives, and how to trace it. According to Harvard Business Review Analytic Services, customer data silos are among the top threats to trust and the biggest barriers to using martech effectively to build it.
But the deeper issue is one that’s long been overlooked: the lack of mature data governance programs. Gartner predicts that by 2027, 80 percent of data and analytics governance initiatives will fail due to a lack of crisis-driven urgency and business alignment. And while AI adoption is nudging some companies toward better governance, Tdan reports that only 31 percent currently report having formal programs in place. Without governance—defined as the formalized enforcement of policies, procedures, and control—organizations simply cannot manage the complexity of modern data ecosystems.
When it comes to third-party platforms and backups, the challenge multiplies. The martech landscape now includes more than 15,000 unique solutions, and many companies use dozens, if not hundreds, of these tools. Visibility into where data flows across the entire ecosystem is critical. If you don’t know what tech you have and where the data is going, you cannot ensure appropriate deletion across all the vendor applications.
Communication across platforms and vendors is also essential, especially when deletion requests must be executed quickly and documented thoroughly. Due diligence is an indispensable component of the application acquisition and vendor relationship process and contractual obligations must include deletion timelines and proof of compliance because the responsibility lies with the data owner—not the vendor.
Forrester analysts echo this need for cross-functional collaboration and tailored deletion strategies. They emphasize that deletion hesitancy often stems from poor stakeholder alignment and a lack of clarity around what “deleted” means in digital environments. Unstructured data, legacy systems, and even paper records add layers of complexity that many organizations are ill-equipped to handle.
So what’s the path forward?
- Businesses must build governance programs that are outcome-driven, agile, and embedded across departments. Gartner recommends shifting away from rigid, control-centric models toward frameworks that enable decision making and business value.
- Deletion processes must be transparent and customer friendly. Customers should be able to easily find and understand how to request data deletion. Frontline staff need training and tools to process requests efficiently and communicate clearly. And with the rise of agentic AI, companies must be prepared to handle deletion requests initiated by intelligent agents.
Ultimately, data deletion isn’t just a compliance checkbox—it’s a trust-building exercise. Businesses that get it right will not only avoid regulatory pitfalls but also earn the loyalty of increasingly privacy-conscious customers.
Lisa Loftis is a principal on the Global Customer Intelligence Team at SAS, where she focuses on customer intelligence, customer experience management, and digital marketing. She is co-author of the book Building the Customer Centric Enterprise.