Privacy

Data Minimization

The principle that only the minimum amount of personal data necessary should be collected and processed.

Data minimization is a core principle of data protection law requiring that personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

In Practice

  • Only collect the fields you actually need for a stated purpose
  • Don't require a phone number if email is sufficient for communication
  • Don't store full IP addresses if a country code serves your analytics needs
  • Regularly review and delete data you no longer need (see data retention)

Data minimization works alongside purpose limitation and storage limitation to form the foundation of privacy by design.

GDPR Article 5(1)(c).

Related Terms

Personal DataPrivacy

Any information that can identify a living individual, directly or indirectly.

Purpose LimitationPrivacy

Personal data must be collected for specified, explicit purposes and not further processed in an incompatible way.

Storage LimitationPrivacy

Personal data should be kept only for as long as necessary for its stated purpose.

Privacy by DesignPrivacy

An approach that embeds privacy protections into systems and processes from the start, rather than adding them later.

Data RetentionPrivacy

The policies and practices governing how long personal data is stored before being deleted or anonymized.

Data ControllerData Portability