The Data Protection Act (current law) requires companies to ensure that they only collect the personal data they need for the purposes they have specified. They are also required to ensure that the personal data they collect is sufficient for the purpose for which it was collected.
This is retained with more emphasis as part of the six principles of the General Data Protection Regulation (GDPR) - known as the Data Adequacy and Data minimisation principle (see Article 6 1(c) and Article 5, 1(C) of the GDPR).
Many non-EU organisations collect personal data, and then later decide the purpose for which they wish to use this data. The Directive does not permit this approach, and the GDPR tightens the restrictions further, stating that organisations should not collect data that isn't necessary for a specified purpose that has been notified to data subjects.
Client Sync™, part of the Data Sync Manager™ suite, allows you to take a time-slice of data (e.g. 'X' months as opposed to using DB copy or SAP full copy process which implies entire Business and Personal data history worth over 5 - 10 years or more). This minimises and reduces organisation data footprint, with only the minimum data needed for testing or business use-cases.
Employee sensitive data can be immediately excluded from Sync in non-production environment when not needed. This gives you as a business more granular control and ownership of the data set copied, thereby further reducing the personal data footprint.