At some point in a devices lifecycle, data must be destroyed. Data privacy regulations dictate the way organizations approach data storage, transmission, sharing and destruction. You need to know where all your data lives so nothing lingers for a potential breach. The right to be forgotten is now part of the data destruction process, making it vital that the cybersecurity team knows everywhere data is stored. Make it clear to employees what the process is. If employees are using personal devices to access data that is going to be destroyed, their devices will have to be scrubbed.”]
Source: https://securityintelligence.com/articles/data-destruction-beyond-delete-for-privacy-law-compliance/