The focus, on minimization

It is very difficult to give a single piece of advice to start understanding data protection. It is impossible, in fact. This area is so broad and allows for such diverse approaches that establishing a first, univocal and general step would even be reckless. 


However, now that we have shown the cards, since we cannot save the ace for last, which can be very diverse, we can focus in the first instance on one of the most relevant concepts of the General Data Protection Regulation (GDPR), minimization. 


Only what is necessary and justified. The principle of data minimization is crucial in safeguarding the privacy of European citizens in the digital age, and despite being essential, it is often forgotten or ignored by many companies. However, undertaking data minimization is not only a legal obligation, but also a responsible business practice that can build trust and improve customer relationships. 


Data minimization involves collecting, processing and storing only the personal information that is strictly necessary for a specific purpose. This must always be kept in mind, whatever the business activity, because it will be strange not to have to make a decision along these lines at many times for all kinds of companies, institutions or associations. 


Without going any further, typical customer registration forms, which include names, addresses or phone numbers, must ensure that this information is necessary for the service or product they offer. An online bookstore may need this data to fulfill an order, but gender, age, leisure preferences or marital status, information that is not essential to the transaction, are best avoided. 

 
You may have recently heard about the case of photocopies of ID cards for certain procedures, following a publication on the subject by the Spanish Data Protection Agency, or the scanning of fingerprints to access offices or gyms.

 
To ensure compliance with the principle of data minimization, we can keep in mind several good practices that must begin with a thorough review of all data collection, storage and processing processes to identify and eliminate unnecessary information. And since minimizing does not mean that there are few, because sometimes the necessary data can be many and even sensitive, the next thing is to ensure the implementation of access controls to guarantee that only authorized personnel have access to all that personal data. If, in addition, we achieve a certain level of anonymization and pseudonymization to protect the data, we will have already achieved a giant step. Above all, considering that complying with the principle of data minimization is not only a legal requirement, but also an ethical and responsible practice and that, today, also has value.

Related articles

Scroll to Top