Minimisation

The minimisation principle specifies that personal data shall be adequate, relevant and limited to the what is necessary in relation to the purpose of the processing.

This means that we should only collect the personal information that we need to meet the purpose of the processing.  Collection of too much personal data and too little personal data could result in a risk to the data subject, so we must ensure that we are collecting only that which is needed.

By keeping our collection of personal data to a minimum we will have fewer data items to protect and therefore be more efficient in our data protection practices.