GDPR: Data Minimization

GDPR: Data Minimization

The General Data Protection Regulation (GDPR) is transforming the way organizations and European Union citizens think about their personal data. When the GDPR takes effect on May 25, 2018, EU citizens will gain greater control, privacy, and security over their personal data. The GDPR introduces some new requirements and reinforces a few common principles that shape how organizations collect and process personal data from EU citizens. One of the key components to the GDPR, that is not necessarily new, is the idea of data minimization. In this post we are going to take a more indepth look at data minimization and how it can impact different areas of your organization. If you are more interested in the GDPR as a whole, you might benefit from visiting the official website. Additionally, if you are unfamiliar with the GDPR terminology, consider referring to this definition page in the GDPR.

Data Minimization

Data minimization is the idea that controllers and processors use the minimum amount of data needed to successfully complete their task (GDPR Art. 5). When thinking about how to comply with data minimization, it is important to consider the duration for storing data, and the processes, software, and systems used in your organization. For example, if controllers only need addresses from data subjects for a project that lasts three months, that data should be erased once that project is completed in three months.

Data minimization is also important to take into account for auditing and logging aspects of a business. It’s important to take note of what kind of information you’re collecting, what information is actually necessary, why it’s necessary, and to discard any irrelevant data (Dataguise). For some controllers and processors, it might have been common practice to hold on to to irrelevant data in case it may be needed in the future; however, this practice should be abandoned because it is the opposite of data minimization and doesn’t comply with the GDPR.  Whether it’s your data collection team or your security team, it’s crucial to examine your processes and systems that are involved with collecting (Read more...)

*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Natalie Bluhm. Read the original post at:

Natalie Bluhm

Natalie is a writer for JumpCloud, an Identity and Access Management solution designed for the cloud era. Natalie graduated with a degree in professional and technical writing, and she loves learning about cloud infrastructure, identity security, and IT protocols.

natalie-bluhm has 172 posts and counting.See all posts by natalie-bluhm