Data Minimization | Siobhan Solberg, Privacy Expert and Creator
What is data minimization?
Well, I can assure that it’s not another buzzword.
Here’s how the GDPR defines it:
Data minimization implies that data controllers should collect only the personal data they really need, and should keep it only for as long as they need it
Organizations that collect data about their users and customers are essentially data controllers. They control the data they collect and store, and are therefore responsible for the consequences of that data being misused.
But that’s not all.
To stay compliant, organizations also need to make sure that:
They only collect and store customer data that they have received consent for
They do not continue storing any data that they’re supposed to delete from all their systems
The practice of Data Minimization ensures that organizations only collect and store data that they have an identified need for – they know why they’re collecting the data and how they’re going to use that data to elevate the end-user experience.
Knowing the purpose enables organizations to easily keep users and regulators informed about what data is being collected, how it’s being collected, and where exactly the data is being used.
It also makes it easy for users to opt out from certain data collection practices because they know exactly what they will be losing out on – customers need not continue sharing data for fear of losing access to a service or being subjected to a degraded experience.
Here’s why the practice of data minimization is becoming critical:
It’s becoming the norm for organizations to collect all the data from all the sources and store it all in the data warehouse.
While there are unequivocal benefits of making diverse datasets accessible across an org, the practice of dumping everything into the warehouse is fueling the rise of “data swamps”.
The idea that the data warehouse or data lake is at risk of turning into a swamp is very real.
Disconnect between data teams that implement data collection initiatives and non-data teams that use the data in their everyday tools is typical, and this disconnect is one of the main causes for a swamp.
A data swamp implies that there’s more than manageable raw data in the organization’s internal data store (warehouse, lake, lakehouse, cloud, whatever), that not only leads to high storage cost but also makes it harder for the org to get rid of data to fulfill DSRs (data subject requests), increasing the risk of non-compliance.
Therefore, organizations that are serious about adopting privacy-friendly personalization practices must consider adopting the practice of Data Minimization and they should do it sooner rather than later.
But don’t take my word for it.
Instead, hear it from Siobhan Solberg, a privacy expert, consultant, and content creator who has taken it upon herself to educate marketing teams on how they can embrace privacy practices in their day-to-day workflows, while also doing a great job of marketing Privacy.