Consider data minimisation best practices in light of GDPR guidelines and recent US data privacy legislation.
The concept of data minimisation is that you don’t have to protect what you don’t have. It is a common principle of European privacy which has been recently adopted in the US.
This principle focuses on data governance – in particular, around what data is collected. Rather than focusing only on how long to keep data, companies must consider whether they need it in the first place.
This is not a control you need to pay to put in place – it’s just a matter of disciplined process and can be reflected in organisations’ internal policies and project design principles.
A useful checklist for companies operating in the EU and/or holding data belonging to EU data subjects
Do we only collect personal data we actually need for our specified purposes
Do we have sufficient personal data to properly fulfil those purposes?
Do we periodically review the data we hold, and delete anything we don’t need?
It is important for companies to ask themselves why they need the data they have collected. In addition to making sure that you gather only necessary information, you should periodically review the data you hold to ensure it is still relevant. Delete anything you no longer need.
The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Beazley has not examined and/ or had access to any particular circumstances, needs, contracts and/or operations of any party having access to this document. There may be specific issues under applicable law, or related to the particular circumstances of your contracts or operations, for which you may wish the assistance of counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.
It is important for companies to ask themselves why they need the data they have collected. In addition to making sure that you gather only necessary information, you should periodically review the data you hold to ensure it is still relevant. Delete anything you no longer need.
