Less data
Store only what is really needed.
Security
Security as part of the basics.
An internal system is only useful if it does not make the business riskier. Data, access and backups matter from the start.
Even small systems need data minimisation, clear permissions and recoverable operation.
Security
Security is part of the system, not an afterthought.
Clear access
Make it clear who can see and change what.
Recoverable operation
Keep the system understandable, backed up and maintainable.