You should have different approaches when you migrate low- and high-value and low- and high-risk information. Much depends upon the cost of your migration tool, how organized the content is and who “owns” the content.
No one knows what will happen as GDPR comes into force. But plenty of people are offering a plethora of predictions, from what kind of company will be affected to the future of similar regulations in the U.S. to the connection between GDPR and cyber attacks. Whatever is true—or not—the best preparation is good information governance.
Risk mitigation in financial services requires good information governance. There will be breaches, so reduce your signal-to-noise ratio by getting rid of information that’s stale, junk or past its (legal) operational life. And guard your intellectual property!