startups
May 02, 2018

LawBite’s Countdown Checklist for GDPR | Part Three

By Lawbite Team

This week marks the half-way point in our weekly countdown checklist to GDPR, covering the six key principles of the legislation. So far we have covered Lawfulness and Transparency and Purpose Limitation. This week we’re talking about the third principle of the GDPR which is timely considering the recent ICO raid announcements. The deadline for compliance grows ever nearer - almost there guys!

Principle 3: The Data Minimisation Principle

This principle states that personal data collected shall be ‘adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed’ meaning that (i) you should only collect the data you need for the purpose you have stated and (ii) that you must ensure that the personal data you collect is sufficient for the purpose for which it is collected – the reasoning being that if you are collecting insufficient (for example, poor quality) data , it undermines the purpose for which it was collected. Together with principles four and five (watch this space!) principle 3 of GDPR covers information standards.

Though the GDPR does not define what it means by ‘adequate, relevant and not excessive’ these words do need to be considered both in the context of which the personal data is held and separately for each individual (or group of individuals). If you need to hold particular information about certain individuals only, make sure that this is what you are doing otherwise you risk the information being considered as irrelevant and excessive in relation to others.

In practice, data minimisation means identifying the minimum amount of data you need to collect to fulfill your purpose and ensuring that you have this data but no more. So any information that is ‘nice to have’ or not strictly necessary must not be collected post May 25th. Furthermore, anything that is irrelevant must also go. Holding data on the off-chance it might become relevant in the future will not be permitted. However, continuing to hold information for a foreseeable event (even if that event never occurs) is likely to be considered reasonable.

This may all feel like yet another GDPR hoop to jump through but think about it in simple terms: When you consider that the more personal data you hold the greater the risk to your organisation data minimisation is just common sense. Conducting regular audits of the data you collect and hold is a great way to ensure continued compliance – important questions to consider are: Why do we need this data? How and why are we planning to use the data? Is there a way of achieving this purpose without collecting this data? Bear in mind that this could change at any time – so do make sure these questions are always at the forefront of your mind both in relation to any data you already hold and in relation to any new data you collect.

Ultimately, data minimisation can be achieved through best practice in relation to the handling of data and observing the other key principles of GDPR. Getting in place clear procedures and making sure those that implement them internally are on board, will go a long way towards achieving compliance.

Next week part 4 – The Accuracy Principle….same time, same place next Wednesday!

To consult with Jessica, please submit an enquiry for a free 15-minute consultation or call our dedicated GDPR Hotline 0845 241 1843.

Also, we have put together a special LawBite Rescue GDPR Package for clients who need a little extra last-minute help with compliance. In addition to 12 GDPR compliant templates the package contains a 30-minute GDPR audit consultation and 2 hours of specific GDPR legal advice for only £495 + VAT (versus £675 + VAT).

If you haven't yet, please do take advantage of our next FREE GDPR Webinar on the 9th May at 12pm you can register here.

Journey further...

LawBite’s Countdown Checklist for GDPR | Part One LawBite's Countdown Checklist for GDPR | Part Two How LawBite works LawBite GDPR Rescue Package

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Read our latest blog posts on GDPR, featuring all the latest legal news, analysis and opinion from our expert lawyers.

By Lawbite Team
March 26, 2020

COVID-19: Remote working and protecting personal data

Many businesses have needed to adapt and embrace remote working. For many, this can raise new working practices and question how data is managed wi...

Gdpr, Coronavirus

By Lawbite Team
March 19, 2020

Data protection and Coronavirus - What you need to know

Coronavirus and its spread across borders is a concern for employers and employees. While employers will be concerned to ensure their business’ con...

Gdpr, Coronavirus

By Lawbite Team
January 30, 2020

Newsflash – ICO issue statement on GDPR compliance after Brexit

The ICO has published a statement on GDPR compliance after 31 January 2020 (the day that the UK leaves the European Union). There are no big surp...

Gdpr

LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

Talk To A Lawyer

Book A Call