Data Minimization
Jump to navigation
Jump to search
Data Minimization is a process to reduce the amount of data linked to personal identifiers when providing a service.
Regulator Perspectives
GDPR recommends Data Minimization as one method to comply with data organizations’ protection obligations, such as ensuring appropriate security to safeguard personal data.[1]
- Article 25 (1): “Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”[2]