Data Minimization is a privacy concept that’s written into GDPR and is a best practice for privacy-conscious businesses worldwide. It holds that businesses should collect and process only the bare minimum amount of data needed to accomplish a goal.
That means you should:
Seems straightforward, right? In practice, data minimization is a pretty radical change for a lot of businesses. It forces them to take a “ready, aim, fire” approach to the data they use instead of the scattergun approach that was common before digital privacy became a concern.
In particular, adhering to a principle of data minimization forces businesses to get serious about Data Entitlements within their organization. Sharing data internally becomes a closely controlled process. Questions like, “Could you put that list of email addresses on this flash drive?” or “Could I get your login for the CRM?” can no longer be answered with a yes — in fact, they can no longer be asked.
In Europe, there have been GDPR fines specifically for “non-adherence to the principles of data minimization.” While there aren’t similar penalties under the CCPA or other US privacy laws, it remains an excellent business practice to ensure that a business’s data operation is lean, efficient, and low-risk.
Recently, Ethyca’s CEO was in conversation with the Regional Head of BCG Venture, Paul Hunyor, at the World Economic Forum in Davos, Switzerland. Their conversation touched on challenges posed by Data Minimization and other privacy best practices.