The European General Data Protection Regulation (GDPR) often refers to the principle of data minimization. But what does this mean, and how can it be applied in practice?
The EU website states the following: “The principle of “data minimisation” means that a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. They should also retain the data only for as long as is necessary to fulfil that purpose. In other words, data controllers should collect only the personal data they really need, and should keep it only for as long as they need it.”
But what is necessary? In the following, I will give you an example of how I was able to implement data minimization in a new project.
Verification of training certificates
One of my customers has to train his employees so that they can use certain devices. The training certificates are printed out and kept. So if an employee wants to use the device, the employee has to look for the corresponding certificate at reception, and it cannot be verified whether the printout was really generated by the training system.
Now they wanted us to build an admin area in which the certificates are displayed so that reception can search for it in this area.
The first name, surname, birthday etc. of the employees should be saved with the certificate for a long time.
What does the GDPR say about this?
I need the data so that reception can see and check everything. It is necessary! Or is it not?
Let’s start with the purpose of the request. The customer wants to verify whether an employee has the certificate.
If I want to display a list of all employees in plain text, I need the data. But is this the only solution to achieve the purpose, or can I perhaps find a more data-minimizing option? The purpose says nothing about displaying the names in plain text. A hash comparison, for example, is sufficient for verification, as is usually done with passwords.
So, how do I implement the project? Whenever I issue a certificate, I hash the personal data. In the administration area, there is a dialog in which the recipient can enter the personal data to check whether a valid certificate is available. The data is also hashed, and a hash comparison is used to determine the match.
Instead of an application that juggles a large amount of personal data, my application no longer stores any personal data at all. And the purpose can still be achieved.
Conclusion
Data minimization is therefore not only to be considered in the direct implementation of a function. Data minimization starts with the design.
Schneide Blog 
Great article!