Data Minimisation is a principle that states that data collected and processed should not be held or further used unless this is essential for reasons that were clearly stated in advance to support data privacy. In the General Data Protection Regulation (GDPR), this is defined as data that is:
Apart from the fact the Data Minimisation principle is being reviewed and strengthened by the GDPR and there are new obligations for personal data, it also represents best practice with maintaining customer trust and reducing the risk of unauthorised access and other security threats.
When collecting data, remember to ask yourself several questions for each point of data you are planning to collect:
Asking yourself these questions will help you understand what data you do and don’t need at any one stage, and therefore what data can be erased.