Data minimisation
Want to watch this video? Sign up for the course
or enter your email below to watch one free video.
Unlock This Video Now for FREE
This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.
GDPR Compliance: Principle of Data Minimisation
Overview
The principle of data minimisation states:
“Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”
Comparison with the 1998 Data Protection Act
Similar to the third principle of adequacy in the 1998 Data Protection Act.
Key Differences under GDPR
Under GDPR:
- Demonstration: Must demonstrate appropriate processes to collect only necessary data.
- Assessment: Assess data held to determine necessity for processing.
- Unlawful Holding: Holding unnecessary data for longer than necessary may be unlawful.
Compliance Guidelines
Guidelines for compliance:
- Assessment: Assess data held to ensure relevance to processing purposes.
- Collection: Only collect data necessary for processing purposes.
- Justification: Justify each type of data processed to ensure necessity.
Accountability
Failure to demonstrate assessment of minimum necessary data may breach the accountability principle.
Conclusion
Ensure compliance by:
- Request: Do not request unnecessary information.
- Documentation: Make a list of processed data and justify each type.