Glossary

Data minimisation

Data minimisation, a GDPR principle (Art. 5(1)(c)), is the rule that you should only collect, use, or otherwise process the personal data a purpose actually needs, and no more. Capturing extra data 'just in case' is the exact thing it forbids.

In code

It breaks when a change starts carrying more personal data than the feature needs: an event that sends the whole user object, a log that records a full request, an integration that receives fields it never uses.

GDPR data minimisation in code
Guide: catching a GDPR retention bug

Get early access ← All terms