because of the data privacy act we have to delete customers after they left university.

 

Ask your legal people whether anonymizing the information would be sufficient (ie, changing all the personally identifiable information to random gibberish or “Deleted Customer”). That way the database integrity is preserved, but the personal  information is not retained, and there are no patterns to analyse in the data (it’s all the same “Deleted Customer”).