33—Elements for principle of data minimization

33. The elements necessary to implement the principle of data minimization include—

(a)  avoiding the processing of personal data altogether when this is possible for the relevant purpose;

(b)  limiting the amount of personal data collected to what is necessary for the purpose;

(c)  ability to demonstrate the relevance of the data to the processing in question;

(d)  pseudonymising personal data as soon as the data is no longer necessary to have directly identifiable personal data, and storing identification keys separately;

(e)  anonymizing or deleting personal data where the data is no longer necessary for the purpose;

(f)  making data flows efficient to avoid the creation of more copies or entry points for data collection than is necessary; and

(g)  the application of available and suitable technologies for data avoidance and minimization.

 

125  PART V—ELEMENTS TO IMPLEMENT DATA PROTECTION BY DESIGN OR BY DEFAULT