GDPR: What is Data Minimization?
Adequate, relevant and limited to what is necessary
I have writing frequently about European General Data Protection Regulation (GDPR) these days. If you have missed my previous articles, you can check out those here —
- GDPR in Action — Step by step guide
- Dear Medium bloggers, you are GDPR ready?
- GDPR Sec 4 Article 37/38/39 — Why do you need to hire a Data Protection Officer?
Since I trying go over each and every section in GDPR, I see one particular word being used multiple times — Data Minimization
In this article, I intend to explore the details of Data Minimization.
What is Data Minimization?
According to GDPR, Chapter 2, Article 5 — Principles relating to processing of personal data,
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
This means — in the context of personal data, only collect, store and process what is adequate, relevant and limited to your business case. There is no clear definition of what personal data should be collected and what should not be. It is completely based on the specific use case.
For instance if you would like to build an email subscription list then only collect Name and Email. So if you are collecting anything more than this (Date of Birth, Religion etc.), then it might not compliant with GDPR.
How to Practice Data Minimisation?
Practising Data Minimization is not an easy thing but it is certainly not difficult. Anytime in any use case, if you are collecting personal data then just ask following questions to your self —
- What is the use case about?
- What all personal data is being collected?
- Do I need to collect all that personal data?
- How is this personal data will be used?
- Who will have access this personal data?
- Can my business use case still be functioning properly if I drop certain personal data objects?
- Does my data collection, storage and processing follow — Privacy by design and privacy by default?
Thank you for reading
If you have any better ideas for implementing Data Minimization, feel free to share. If you would like to read more on GDPR then you can check out following article —