Also legal issues (e.g. GDPR) should be addressed, perhaps via anonymisation.

Furthermore, it should be considered for how long the data are valid, and when their processing should be stopped. Also, when data are not valid anymore, should they be deleted, or maintained so as to check paterns in the future.