Data Protection and GDPR Level 3 for Managers and Business (VTQ)

64 videos, 2 hours and 55 minutes

Course Content

Data minimisation

Video 14 of 64
1 min 27 sec
English
English
Want to watch this video? Sign up for the course or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.

GDPR Compliance: Principle of Data Minimisation

Overview

The principle of data minimisation states:

“Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”

Comparison with the 1998 Data Protection Act

Similar to the third principle of adequacy in the 1998 Data Protection Act.

Key Differences under GDPR

Under GDPR:

  • Demonstration: Must demonstrate appropriate processes to collect only necessary data.
  • Assessment: Assess data held to determine necessity for processing.
  • Unlawful Holding: Holding unnecessary data for longer than necessary may be unlawful.

Compliance Guidelines

Guidelines for compliance:

  • Assessment: Assess data held to ensure relevance to processing purposes.
  • Collection: Only collect data necessary for processing purposes.
  • Justification: Justify each type of data processed to ensure necessity.

Accountability

Failure to demonstrate assessment of minimum necessary data may breach the accountability principle.

Conclusion

Ensure compliance by:

  • Request: Do not request unnecessary information.
  • Documentation: Make a list of processed data and justify each type.