What is data minimisation?
In the context of data privacy regulations such as the GDPR, data minimisation means reducing the personal data you collect, use and store. It involves limiting the personal data you process to only what is adequate, relevant and necessary for a specific purpose.
Data minimisation is a key principle in relation to compliance, and is closely linked to other principles such as purpose limitation and storage limitation. This blog is about how you can reduce unnecessary data in your company.
Benefits of data minimisation
You need to collect data from your customers and leads to provide services and improve your business. However, the more data you store, the higher your risk of unintentionally violating privacy laws or falling victim to data theft. Further, storing unnecessary data can be expensive and time-wasting. Keeping files you don’t need clogs up your storage, and makes it harder to find other important information that would add value to your business.
Naturally, the total amount of personal data you store will trend upwards as your business grows. Still, there is much you can do to reduce unnecessary data collection, processing and retention. This, in turn, will reduce your overall risk and exposure. As a bonus, it will save you time and money, and make it easier to put your most valuable data to good use.
Start your GDPR cleanup where it is needed the most
Sensitive data tends to accumulate in employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.
Quick-guide to data minimisation
Here are a few steps you can take to apply the principle of data minimisation:
Identify your purposes for collecting data
Think about when and why you collect data. How do you use it? Is there a way to achieve your purpose without using personal data? List your purposes for collecting personal data in your privacy policies and consent forms, then stick to them.
Decide how long you will keep personal data
How long do you need to keep the data? Decide how long you will store different types of data. Detail this in your policy and dispose of data when it reaches the end of its useful life.
Review and delete data you no longer need
Periodically take inventory of the data you’ve collected. Review it and assess whether you still need it for the intended purpose. If data is no longer necessary, delete it.
Train employees to be data minimalists
Make sure your employees understand when, why and how to collect personal data. Further, emphasise the importance of collecting only the data necessary for these legitimate business tasks. Finally, check that everyone knows how long to keep personal data and when to delete it.
Find data you no longer need
Cleaning up data storage is an overwhelming task. Some companies do not know where to start. Others make efforts to tidy up but find the process too slow and time-consuming. Here are a couple of suggestions to make cleanup easier to tackle:
- Focus on personal and sensitive data first
- Use an automated tool for speed and accuracy
Try using DataMapper to quickly pull up personal and sensitive data and sort it by category, age, and more. Review files to make sure you still need them for the purposes for which they were collected. Then, delete what you don’t need.
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist