Dataminimering

Dataminimering, or data minimization, is the privacy principle that organizations should collect, store, and process only the minimum amount of personal data necessary to achieve a declared purpose. The goal is to reduce privacy risks, improve transparency, and lower storage and processing costs. It is a central element in privacy frameworks and privacy-by-design approaches.

In legal terms, data minimization is enshrined in the European Union's General Data Protection Regulation (GDPR), which requires that personal data be adequate, relevant, and limited to what is necessary for the purposes for which they are processed (Articles 5(1)(c) and related recitals). It is often paired with purpose limitation (Article 5(1)(b)).

Practices and techniques include data minimization by design and by default, where systems are configured to collect only what is necessary; data inventories and purpose specifications; retention schedules; and techniques such as anonymization, pseudonymization, masking, aggregation, and encryption to reduce identifiability while preserving utility.

Implementation also involves governance: DPIAs (privacy impact assessments), data stewardship, access controls, data retention policies, and obligations in processor agreements to limit data processing and require data deletion when no longer needed.

Challenges include balancing analytical or business needs with privacy, especially in big data and AI contexts where more data can improve models. Achieving meaningful minimization requires ongoing data mapping, regular audits, and a risk-based approach to determine what data is truly necessary.

Examples include restricting signup forms to essential fields, pseudonymizing user identifiers in analytics, or aggregating data for reporting to avoid exposing individuals, and setting strict data retention periods.
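
The four examples above (essential-field signup forms, pseudonymized analytics identifiers, aggregated reporting, retention periods) can be combined in one small pipeline. The following Python is an added example, not part of the original page; the field names, the 90-day retention period, the group-size threshold of 3, the key and the sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed purpose specification: the only fields each purpose may keep.
ALLOWED_FIELDS = {"signup": {"email", "country"}}
RETENTION = timedelta(days=90)  # assumed retention period
MIN_GROUP_SIZE = 3              # assumed threshold below which a group is suppressed


def minimize(record, purpose):
    """Allow-list filter: anything not declared for the purpose is dropped."""
    return {k: v for k, v in record.items() if k in ALLOWED_FIELDS[purpose]}


def pseudonymize(user_id, key):
    """Keyed hash: stable for joins, but re-linkable by whoever holds the key."""
    return hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()


def purge_expired(events, now):
    """Retention: keep only events younger than RETENTION."""
    return [e for e in events if now - e["ts"] < RETENTION]


def aggregate(events, field):
    """Report counts per group, suppressing groups that could expose individuals."""
    counts = Counter(e[field] for e in events)
    return {g: n for g, n in counts.items() if n >= MIN_GROUP_SIZE}


# Constructed sample data (not from the page).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
KEY = b"constructed-demo-key"  # in practice stored apart from the analytics data
FORM = {"email": "a@example.com", "country": "SE",
        "phone": "555-0100", "birthdate": "1990-01-01"}
EVENTS = [
    {"user": pseudonymize(u, KEY), "country": c, "ts": NOW - timedelta(days=d)}
    for u, c, d in [("u1", "SE", 1), ("u2", "SE", 5), ("u3", "SE", 30),
                    ("u4", "NO", 2), ("u1", "SE", 200)]
]

if __name__ == "__main__":
    print(minimize(FORM, "signup"))
    print(aggregate(purge_expired(EVENTS, NOW), "country"))
```

The single "NO" event is withheld from the report because a group of one would point at an individual, and the 200-day-old event is removed before aggregation.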