I know not popular, but set your email and other retention periods to a relatively short time frame - even a year or two drops tons of sensitive data off. Flag important or file elsewhere for stuff you want to keep.
This is often not legal. For example, Sarbanes Oxley requires seven years retention for public companies in the US[0]. Depending on industry it can be higher; I believe some financial segments are required to retain email indefinitely.
css|6 years ago
[0]: https://www.sec.gov/rules/final/33-8180.htm