Data Minimization

Data Minimization is a privacy concept that's written into GDPR and is a best-practice for privacy-conscious businesses worldwide. It holds that businesses should collect and process only the bare minimum amount of data needed to accomplish a goal.

Data Minimization is a privacy concept that’s written into GDPR and is a best-practice for privacy-conscious businesses worldwide.

It holds that businesses should collect and process only the bare minimum amount of data needed to accomplish a goal.

That means you should:

  1. Collect only the data you need
  2. Store it for only the amount of time you need it
  3. Give data access to only the people who need it for a business task

Seems straightforward, right? In practice, data minimization is a pretty radical change for a lot of businesses. It forces them to take a “ready, aim, fire” approach to the data they use instead of the scatter gun approach that was common before digital privacy became a concern.

Data Minimzation’s Impact On Business Practices

In particular, adhering to a principle of data minimization forces businesses to get serious about Data Entitlements within their organization. Sharing data internally becomes a closely controlled process. Questions like, “Could you put that list of email addresses on this flash drive?” or “Could I get your login for the CRM?” can no longer be answered with a yes — in fact, they can no longer be asked.

In Europe, there have been GDPR fines specifically for “non-adherence to the principles of data minimization.” While there aren’t similar penalties under the CCPA or other US privacy laws, it remains an excellent business practice to ensure that a business’s data operation is lean, efficient, and low-risk.

Recently, Ethyca CEO was in conversation with the Regional Head of BCG Venture, Paul Hunyor, at the World Economic forum in Davos Switzerland. Their conversation touched on challenges posed by Data Minimization and other privacy best practices. You can listen below:

Fides enables developers to check for privacy compliance directly in the CI pipeline, proactively addressing risk and compliance according to resource annotations and Fides policies.

Ready to get started?

Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!