Guide to Data Protection Law 2017 for Data Subjects

What are the principles of data protection?

Third Data Protection Principle - Data minimization

Data minimization means that an entity should only collect information that is necessary for the purpose and not more.

In practice

When you’re providing your information, ask yourself whether the information is needed. If you don’t think so, ask what the intended purpose is. If you still think you shouldn’t be required to provide the information but the organisation demands it, consider making a complaint to the Ombudsman.


If you shop at a supermarket, they should not require you to provide your phone number. An email provider you sign up with does not need to know your date of birth. Similarly, a credit card application should not require you to give the contact details of your closest living relative.

If you're interested in learning more about this topic, visit our guidance for organisations.

Previous Next