Sep 20

Data minimisation

DPOrganizer’s GDPR Requirements Series

#6 – Data minimisation

Welcome back to our series about the GDPR requirements! In the last post, we discussed the principle of storage limitation: how long you can keep personal data for processing, how to determine retention periods, and how to have the correct documentation in place. Today, we are going to explore another principle relating to the purpose of your processing – the principle of data minimisation.

This principle entails that the personal data you collect must be adequate, relevant, and limited to what is necessary for the purpose you process it for. You have to consider this not only before processing, but also regularly during processing.

Let’s break down the meaning of these adjectives, in the context of privacy. Adequate implies the sufficiency to properly fulfil your chosen purpose for the processing. Data may be inadequate if you make decisions based on an incomplete understanding of facts. If an individual asks you to supplement incomplete data under their right to rectification, it could indicate that the data you’ve collected is inadequate for the purpose. Relevant indicates a rational link between the data and the purpose you process it for. Limited to what is necessary means that you don’t hold more personal data than you need for a specific purpose.

To make it easier for you to comply with the principle of data minimisation, I’ll give you some examples of best practices that I encourage you to consider:

  • You should avoid processing personal data altogether when this is possible for achieving the relevant purpose
  • You should also limit the amount of data you collect to what’s specifically necessary for your purpose
  • You can assess whether you can achieve the same purpose by processing fewer, less detailed, or aggregated data
  • Limit access to the personal data you keep by shaping your processing so that a minimal number of people require access to it to perform their duties, and use aggregated data when possible
  • Your flow of data should be efficient enough that no more copies than necessary are created
  • As soon as it is no longer necessary to keep directly identifiable personal data, pseudonymize it and store identification keys separately
  • Lastly, when personal data isn’t, or is no longer, necessary for the purpose, you should delete or anonymize it

Now, we’ve discussed several requirements relating to your purpose of processing personal data, as well as the limitations of the processed data. To further educate yourself about data minimisation, I recommend that you look into the EDPB Guidelines for the EU GDPR and the ICO Guidelines for the UK GDPR. In the following three posts, Albin will teach you more about the principle of lawfulness and legal bases for processing personal data. Over to Albin!
