Principle of Data Minimization.

Hi, it’s Chuka here!

Welcome to another edition of the Privacy Note, I hope you had a good week.

This Friday we will be looking at the Principle of Data minimization, so, what is Data minimization?

Data minimization means that Personal Data must be adequate, relevant and limited only to what is necessary in relation to the purposes for which they are processed.

The processing of Personal Data is often a sensitive activity because of the inherent nature of human beings wanting their privacy respected. Due to the sensitive nature of Personal Data, any processing must be done for a specific purpose. This is bedrock of Data minimization as one of the principles of Data Processing under the NDPR/GDPR.

In order to determine what is adequate, relevant and limited, the purpose for the collection of Personal Data must be established. For example, a baker wants to carry out a survey for marketing purposes to determine which flavors of his new cake recipe people prefer. For this purpose, it would suffice to collect Personal Data such as names and phone numbers, however Data such as Race data or medical records would be unnecessary for the purpose the survey seeks to achieve. It would be inappropriate to keep any information that is not needed. Personal Data should not be collected on the off chance that it might be useful in the future.

As a Data controller it is important to follow the principle of Data Minimisation as represents best practice with maintaining customer trust and reducing the risk of unauthorized access and other security threats.

The following questions are important for determining if your Data collection practices are in line with Data minimization:

  1. The specific purpose for the Data collection
  2. Has the Data Subject been informed of the reason for the Data collection?
  3. Does the individual know why I am collecting his/her Data?
  4. Is the collection of the Data necessary to achieve the desired purpose?
  5. The amount of time the Data would be needed to achieve the said purpose.

Asking yourself these questions will help you understand what data you do and don’t need at any one stage, and therefore what data can be erased.

Till next week on a brand new edition, have a great time!

Leave a Reply

Your email address will not be published. Required fields are marked *