Lesson 4The GDPR principles of data protection
- Notion 26 - The importance of the personal data processing principles
- Notion 27 - First GDPR principe: lawfulness, fairness, transparency
- Notion 28 - Second GDPR principle: purpose limitation
- Notion 29 - Third GDPR principle: data minimization
- Notion 30 - Fourth GDPR principle: accuracy
- Notion 31 - Fifth GDPR principle: storage limitation
- Notion 32 - Sixth GDPR principle: integrity and confidentiality.
- Notion 33 - Seventh GDPR principle: accountability
- Notion 34 - Review of the main concepts.
Notion 29
Third GDPR principle: data minimization
Target skills
Principle 3 - Data minimisation
Article 5 of the GDPR states that personal data must be: "adequate, relevant and limited to what is necessary for the purposes for which it is processed (data minimisation)". This means that those who process data should only have information that relates to the specific purposes of that data processing. To achieve this, companies should only request the information that is strictly necessary and share as little information as possible. It also means that they should regularly review the data they hold and delete any information they no longer need.
Example: Your favourite clothing shop has an online platform and you are interested in receiving information about sales by email. When you go to the form to fill out your contact information, you see that it asks for the following information: First Name, Last Name and Email. However, to take you to the next page, you will also be asked for your Gender, Address and Occupation. Note that according to this principle, these details should not be mandatory, as they are not relevant for informing about upcoming sales and therefore do not comply with this data standard.
For you to have a better picture of this, here is a short video where you can see how the principle of data minimisation works: