In all data processing, care must be taken to ensure the quality of the data used. This data must comply with the strict rules set out in Article 5 of the GDPR.
In particular, it must not be excessive in relation to the purpose of the processing. This is the principle of data minimisation.
The data minimisation principle
The principle of data minimisation stems from the purpose principle: it involves collecting strictly what the data controller needs to meet the defined purpose.
The data collected must be :
- Relevant: i.e. there must be a direct link with the purpose of processing, -** Limited** to what is strictly necessary.
1. Data relevance
To understand the principle of data relevance, a distinction must be made between mandatory data and optional data: mandatory data, even if relevant, must be limited to what is necessary. Optional data, on the other hand, can be requested, leaving the data subject the choice of whether or not to provide it.
To determine whether data should be minimised, we need to adopt the precautionary principle and ask ourselves a number of questions relating to data processing:
- What is my purpose?
- What data is essential to achieve this objective?
- Do I have the right to collect this data?
- Have I made a clear distinction between mandatory and optional data?
2. Data accuracy
Data must be accurate and, if necessary, kept up to date: "All reasonable steps must be taken to delete or rectify inaccurate data".
For example, inaccurate bank details can have a very negative impact on the person concerned: the institution might not record the repayment of a loan that has already been made.
3. Some special cases
- Date of birth
The date of birth is not relevant for all types of processing. For example, if the data controller wishes to know more about its electorate, it can collect only the age group concerned by the elections. On the other hand, this data can be collected on an optional basis at the time of collection.
- Video surveillance
Relevance also applies to video surveillance systems. The principle of minimisation applies to the choice of the number of cameras installed, their technical characteristics, the area to be filmed, etc.
The principle of minimisation applies to the choice of the number of cameras installed, their technical characteristics, the area to be filmed, etc. > Ex: ban on filming employees at their workstations, break areas, union premises and access to these specific premises, except in special circumstances (handling money, food dispensers, etc).
4. Some good practices:
1. Sort your data regularly.
Question the nature, quantity and accuracy of the data collected, particularly when you create or identify a contact form.
2. Look for less intrusive alternatives.
Always ask yourself whether a less intrusive solution exists.
3. Do not collect data as a precaution.
Ban all preventive data collection.
4. Remember to pseudonymise
Pseudonymise data whenever it is not necessary to store it in a directly identifiable form.
For example, for statistical purposes, pseudonymisation consists of replacing surnames and first names with random numbers.
5. Give preference to drop-down menus.
Limit the number of free comment zones / Use drop-down menus instead.