The “data minimization” concept states that a data controller should only gather personal information that is directly relevant and essential to achieving a particular objective. They should also only keep the data for as long as is required to fulfill that objective.
Article 5 of the GDPR outlines the fundamental data protection principles to be followed while processing personal data. Among them is data minimization, commonly known as “data avoidance.”
According to the GDPR’s data minimization standards, personal data must be:
This implies you must meet the following standards.
1. The data gathering must be appropriate to the processing’s intended aims.
For example, when someone subscribes to a newsletter, collecting the data subject’s address is not appropriate to the objective (sending the digital newsletter via e-mail), so you are not allowed to collect it in the newsletter subscription form.
2. The data minimization principle also demands that the data gathering be essential, in that the processing cannot be completed otherwise.
For example, the goal of collecting biometric data as part of a fingerprint check at a building’s door is to prevent unauthorized individuals from entering.
3. The fact that specific data is appropriate and required to achieve a goal is insufficient. The context in which the data is processed is equally essential.
For example, a geolocation system may be installed on a truck for optimal route planning, but it may only be operational during the driver’s working hours.
If these standards are not met, the data subjects are entitled to all of the rights outlined in Chapter III and Article 77 of the GDPR. They have the right, in particular, to have the data destroyed if it is no longer required for the processing’s purpose.
When processing data, you must ask yourself which data is required to fulfill the goal. Our Consent Solution helps you record and manage GDPR & LGPD consent and privacy preferences for each of your users. It smoothly integrates with your consent collection forms, syncs with your legal documents, and includes a user-friendly dashboard for reviewing consent records of your activities.