Data Minimization

From Open Risk Manual

Definition

The principle of Data Minimisation means that a Data Controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. They should also retain the data only for as long as is necessary to fulfil that purpose. In other words, data controllers should collect only the personal data they really need, and should keep it only for as long as they need it.

The data minimisation principle is expressed in Article 5(1)(c) of the GDPR and Article 4(1)(c) of Regulation (EU) 2018/1725, which provide that personal data must be "adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed".

References

Retrieved from "https://www.openriskmanual.org/wiki/index.php?title=Data_Minimization&oldid=26043"
  • Creative Commons Attribution-NonCommercial-ShareAlike
  • Powered by MediaWiki
  • Powered by Semantic MediaWiki