Your company, which has stringent data retention and deletion policies, recently acquired a healthcare startup. This startup has accumulated a large amount of medical information from its customers, which must be retained for up to 4 years depending on when the data was originally created. According to corporate policy and regulatory requirements, this data must be securely retained during the retention period and should be deleted immediately once the retention period is over. Which approach should you take to manage and automate the retention and deletion of this medical data?