dataminimisation

Data minimisation is a principle of data protection and privacy that dictates that personal data should only be collected, processed, and stored for a specific, explicit, and legitimate purpose, and that the amount of data collected should be adequate, relevant, and limited to what is necessary for that purpose. It is a core component of many privacy regulations, including the General Data Protection Regulation (GDPR) in the European Union.

The principle encourages organizations to be mindful of the data they collect and to question whether each

Implementing data minimisation requires a proactive approach. This includes designing systems and processes with privacy in