Working for a SIEM vendor I understand the value of data as well as the many touch points a user has in an IT environment. Removing data an organisation holds on an individual is no simple task.

In principle it sounds easy: just delete a user record in a database or a set of files on a server but the reality is very different. 

There is a lot of good software available to reconstruct deleted data. Databases typically have backups in which supposedly deleted user records will reside. Other operational and security systems also contain silos of user information held for auditing purposes.

No doubt larger organisations with the resources, budgets and know-how will be able to achieve data sanitisation. 

The real challenge will be for smaller organisations whose businesses are built around user data. They do not have the knowledge on how to police this data and little clue on which systems to put in place to protect it. As GDPR approaches it's essential to remedy this.