Data Minimization
What is Data Minimization?
Data Minimization: A privacy principle requiring organizations to collect, process, and retain only the personal data that is strictly necessary for a defined, lawful purpose.
Data minimization, codified in GDPR Article 5(1)(c) and echoed in the OECD Privacy Guidelines, means limiting the volume, granularity, and lifespan of personal data to what is adequate, relevant, and necessary for a specified purpose. Teams operationalize the principle by challenging each data field at design time, redacting unneeded attributes, avoiding free-text capture, sampling instead of storing full logs, and applying short retention windows. It complements purpose limitation and storage limitation and reduces breach impact, DSAR scope, and regulatory exposure. Combined with pseudonymization, masking, and aggregation, minimization is one of the most cost-effective privacy controls available to engineering and analytics teams.
● Examples
- 01. A signup form removing the "date of birth" field because age is only needed as an 18+ boolean.
- 02. Truncating IP addresses in web analytics to the first three octets to reduce identifiability.
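The two examples above, carried through in code as an added illustration (not code from the original page): an allowlist-based minimizer that replaces a date of birth with an 18+ boolean and zeroes the last octet of an IPv4 address before the record is stored. The field names and the sample record are constructed.

```python
"""Added example: minimize a signup record at the point of collection."""
from datetime import date
import ipaddress

# Allowlist: any field not named here is dropped before storage.
KEEP_FIELDS = {"email", "plan"}

def is_adult(dob: date, today: date, min_age: int = 18) -> bool:
    """True once the min_age-th birthday has been reached (inclusive).
    Someone born on 29 Feb counts as a year older from 1 March in non-leap years."""
    years = today.year - dob.year
    if (today.month, today.day) < (dob.month, dob.day):
        years -= 1  # this year's birthday is still ahead
    return years >= min_age

def truncate_ipv4(addr: str) -> str:
    """Keep the first three octets only: the stored value names a /24, not a host."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on garbage or IPv6 input
    return str(ipaddress.IPv4Network((ip, 24), strict=False).network_address)

def minimize_signup(record: dict, today: date) -> dict:
    """Return a new record holding only what the stated purpose needs."""
    out = {k: v for k, v in record.items() if k in KEEP_FIELDS}
    # The purpose needs an age gate, not the birth date itself.
    out["is_adult"] = is_adult(date.fromisoformat(record["date_of_birth"]), today)
    # Analytics needs coarse network information, not the individual host.
    out["client_net"] = truncate_ipv4(record["client_ip"])
    return out

# Constructed sample input: the raw form post as a web framework might hand it over.
RAW_SIGNUP = {
    "email": "user@example.com",
    "plan": "free",
    "date_of_birth": "2006-03-15",
    "client_ip": "203.0.113.77",
    "comments": "free text the form never needed",  # free-text capture: dropped
    "phone": "+1-555-0100",                          # not needed for the purpose: dropped
}

if __name__ == "__main__":
    print(minimize_signup(RAW_SIGNUP, date(2024, 3, 15)))
```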
● Frequently asked questions
What is Data Minimization?
A privacy principle requiring organizations to collect, process, and retain only the personal data that is strictly necessary for a defined, lawful purpose. It belongs to the Privacy & Data Protection category of cybersecurity.
What does Data Minimization mean?
A privacy principle requiring organizations to collect, process, and retain only the personal data that is strictly necessary for a defined, lawful purpose.
How does Data Minimization work?
Data minimization, codified in GDPR Article 5(1)(c) and echoed in the OECD Privacy Guidelines, means limiting the volume, granularity, and lifespan of personal data to what is adequate, relevant, and necessary for a specified purpose. Teams operationalize the principle by challenging each data field at design time, redacting unneeded attributes, avoiding free-text capture, sampling instead of storing full logs, and applying short retention windows. It complements purpose limitation and storage limitation and reduces breach impact, DSAR scope, and regulatory exposure. Combined with pseudonymization, masking, and aggregation, minimization is one of the most cost-effective privacy controls available to engineering and analytics teams.
How do you implement Data Minimization?
Implementing Data Minimization typically combines technical controls and operational practices, as detailed in the full definition above.
What are other names for Data Minimization?
Common alternative names include: Minimal Data Collection, Need-to-Know Data.
● Related terms
- Privacy by Design (privacy, № 856): An engineering and governance approach that embeds privacy considerations into systems, processes, and defaults from the earliest design stages rather than bolting them on later.
- Data Retention (privacy, № 284): The policies and controls that define how long different categories of data are kept and when they are securely deleted, archived, or anonymized.
- Pseudonymization (privacy, № 875): A technique that replaces direct identifiers in personal data with reversible aliases, so that the data can no longer be attributed to an individual without additional, separately kept information.
- Data Anonymization (privacy, № 274): Irreversibly transforming personal data so that no individual can be identified, directly or indirectly, even when combined with other available information.
- GDPR (compliance, № 440): The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.
- Data Classification (privacy, № 276): The process of labeling data by sensitivity and value so that the right protection, handling, and retention controls can be applied consistently.