Data minimisation

Data minimisation is one of the core processing principles of the General Data Protection Regulation and is laid down in Article 5(1)(c) GDPR. According to this provision, personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. The principle therefore demands a two-fold assessment: first, whether any personal data are needed at all, and second, to what extent. Only those data that are genuinely required to achieve the specific, defined purpose may be processed; a merely possible future benefit or a general interest in collecting data does not justify the processing.

Data minimisation is closely linked to the other principles of Article 5 GDPR, in particular purpose limitation and storage limitation. Only once the purpose has been precisely defined can it be assessed which data are necessary and therefore permissible. The principle is also tightly interwoven with Article 25 GDPR: data protection by design and by default put data minimisation into practice technically and organisationally, for example through lean collection forms set as the default, pseudonymisation, or anonymisation wherever the purpose allows.

Under the accountability principle (Article 5(2) GDPR), controllers must be able to demonstrate compliance with data minimisation. In practice this means that collection forms, data fields and interfaces should be reviewed regularly to confirm that each individual data point is still necessary, and that data no longer required must be consistently deleted or anonymised. Breaches of the principle may be sanctioned under Article 83(5) GDPR with fines of up to EUR 20 million or 4 percent of total worldwide annual turnover, which is why data minimisation must be critically assessed in every record of processing activities and every data protection impact assessment.