Data minimisation
Data minimisation is a core data protection principle requiring that personal data be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. Controllers should not collect data "just in case" it may be useful in the future. Any data collected beyond what is strictly necessary for the stated purpose represents an unnecessary privacy risk.
DPA reference
Data Protection Act 2020
Related terms in Obligations
Anti-money laundering
Legal obligations requiring firms to detect and report financial crime.
Conflict of interest
A situation where a professional's duty to one client may be compromised by duties to another party.
Data breach notification
The legal requirement to report personal data breaches to the OIC within 72 hours.
Data protection by design
The obligation to build data protection into systems and processes from the start, not as an afterthought.
