Menu

Data minimisation

This is the first of three principles about data standards, along with accuracy and storage limitation.

Article 5(1)(b) of the Applied GDPR requires that personal data is:

"adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed"

You must ensure the personal data you are processing is:

This is an exacting standard for controllers to meet. To assess whether you are holding the right amount of personal data, you must first be clear about why you need it and be able to identify and process the minimum personal data necessary for each particular purpose.  The accountability principle means that you need to be able to demonstrate that you have appropriate processes to ensure that you only collect and hold the personal data you need.

Individuals have several rights which are related to this principle including the right to complete any incomplete data which is inadequate for your purpose under the right to rectification and to get you to delete any data that is not necessary for your purpose under the right to erasure (right to be forgotten).

This principle also links in to the fairness and transparency requirements,including the information that must be supplied to data subjects, and to the concept of data protection by default.