Skip to main content

Looking Ahead

Consider data minimisation best practices in light of GDPR guidelines and recent US data privacy legislation.

The concept of data minimisation is that you don’t have to protect what you don’t have. It is a common principle of European privacy which has been recently adopted in the US.

This principle focuses on data governance – in particular, around what data is collected. Rather than focusing only on how long to keep data, companies must consider whether they need it in the first place.

This is not a control you need to pay to put in place – it’s just a matter of disciplined process and can be reflected in organisations’ internal policies and project design principles.

A useful checklist for companies operating in the EU and/or holding data belonging to EU data subjects
  • Do we only collect personal data we actually need for our specified purposes
  • Do we have sufficient personal data to properly fulfil those purposes?
  • Do we periodically review the data we hold, and delete anything we don’t need?


The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Beazley has not examined and/ or had access to any particular circumstances, needs, contracts and/or operations of any party having access to this document. There may be specific issues under applicable law, or related to the particular circumstances of your contracts or operations, for which you may wish the assistance of counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.