Data Minimization
The principle of collecting only the data that is necessary for a specific purpose, reducing the risk of misuse or breach.
Definition
A privacy best practice and legal requirement (for example, the GDPR's data-minimisation principle in Article 5(1)(c)) that limits data collection to the minimum fields needed for a given use case. It reduces breach exposure (data that was never collected cannot leak) and simplifies compliance by avoiding unnecessary sensitive data. Implemented via requirements analysis, collection forms and APIs that enforce a server-side field allowlist (a client-side form alone can be bypassed by submitting extra fields directly), and periodic data-purging routines that run at least as often as the retention window they enforce and delete obsolete records.
Real-World Example
A ride-hailing app redesigns its signup flow to collect only name, email, and payment information (ideally a token from the payment processor rather than raw card data), removing optional profile fields such as "home address". It also runs a daily job that purges GPS logs older than 30 days; a quarterly job would not satisfy a 30-day policy, since records could linger for up to four months between runs. Together these changes limit the impact of a data breach and simplify consent management.
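The two controls described above, a server-side field allowlist at the collection boundary and a retention purge for location records, as an added example in Python. This is illustrative code written for this entry, not code from the original page or from any ride-hailing product; the field names, the `payment_token` field (assuming the card data is tokenised by a payment processor), the `gps_logs` table layout and the sample rows are all assumptions made for the illustration.

```python
"""Added example (not from the original page): enforce a field allowlist at the
signup boundary and purge GPS records past a fixed retention window.
Field names, table layout and sample rows are assumptions for this illustration."""
import sqlite3
from datetime import datetime, timedelta, timezone
from typing import Optional

# Only the fields the signup use case actually needs. Anything else is rejected,
# not silently stored, so neither a client nor a later UI change can widen
# collection without the server noticing.
SIGNUP_ALLOWED_FIELDS = frozenset({"name", "email", "payment_token"})
SIGNUP_REQUIRED_FIELDS = frozenset({"name", "email", "payment_token"})

# Retention window for raw location data (assumed policy value).
GPS_RETENTION = timedelta(days=30)


class DataMinimizationError(ValueError):
    """Raised when a request carries fields outside the approved set."""


def validate_signup(payload: dict) -> dict:
    """Return a copy of payload containing only allowlisted fields.

    Raises if the client sends fields outside the allowlist (e.g. home_address)
    or omits a required one. Rejecting rather than dropping makes
    over-collection visible in logs and tests instead of quietly landing in
    the database.
    """
    extra = set(payload) - SIGNUP_ALLOWED_FIELDS
    if extra:
        raise DataMinimizationError(f"unexpected fields: {sorted(extra)}")
    missing = SIGNUP_REQUIRED_FIELDS - set(payload)
    if missing:
        raise DataMinimizationError(f"missing fields: {sorted(missing)}")
    return {k: payload[k] for k in SIGNUP_ALLOWED_FIELDS}


def open_db() -> sqlite3.Connection:
    """In-memory database with a constructed gps_logs table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE gps_logs (id INTEGER PRIMARY KEY, user_id TEXT, "
        "recorded_at TEXT NOT NULL, lat REAL, lon REAL)"
    )
    return conn


def purge_old_gps_logs(conn: sqlite3.Connection, now: Optional[datetime] = None) -> int:
    """Delete GPS rows older than GPS_RETENTION and return the number removed.

    The cutoff is derived from an explicit 'now' so the routine is testable and
    idempotent. Timestamps are stored as UTC ISO-8601 strings, which sort
    lexicographically, so a parameterised string comparison is sufficient.
    Schedule this at least daily: a quarterly run would leave records up to
    roughly 120 days old despite a 30-day policy.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = (now - GPS_RETENTION).isoformat()
    cur = conn.execute("DELETE FROM gps_logs WHERE recorded_at < ?", (cutoff,))
    conn.commit()
    return cur.rowcount


def seed_sample_logs(conn: sqlite3.Connection, now: datetime) -> None:
    """Insert constructed sample rows: two past retention, one fresh."""
    rows = [
        ("u1", (now - timedelta(days=45)).isoformat(), 52.52, 13.40),
        ("u1", (now - timedelta(days=31)).isoformat(), 52.53, 13.41),
        ("u2", (now - timedelta(days=2)).isoformat(), 48.85, 2.35),
    ]
    conn.executemany(
        "INSERT INTO gps_logs (user_id, recorded_at, lat, lon) VALUES (?, ?, ?, ?)",
        rows,
    )
    conn.commit()


def count_logs(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM gps_logs").fetchone()[0]


def retention_demo() -> tuple:
    """Seed the sample table at a fixed clock and purge; returns (deleted, remaining)."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for reproducibility
    conn = open_db()
    seed_sample_logs(conn, now)
    deleted = purge_old_gps_logs(conn, now)
    return deleted, count_logs(conn)


if __name__ == "__main__":
    print(validate_signup({"name": "Ada", "email": "ada@example.com", "payment_token": "tok_1"}))
    try:
        validate_signup({"name": "Ada", "email": "ada@example.com",
                         "payment_token": "tok_1", "home_address": "1 Example St"})
    except DataMinimizationError as err:
        print("rejected:", err)
    print("deleted, remaining:", retention_demo())
```

The allowlist is applied on the server, where the request is actually accepted, so removing a field from the signup form is backed by a check that a modified client cannot bypass. The purge returns the number of deleted rows so a scheduler can alert when a run unexpectedly removes nothing (or far too much), and running it again immediately is harmless.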