7. Minimize Data Collection

You should only collect personal data that is relevant, necessary, and proportionate to the purposes for which it is processed, as defined at the time of collection.

Before Collection: Consider What Data You Need and Limit Yourself to the Strictly Necessary.

  • Think about the different types of data to be collected before an application is implemented, and document these considerations.

  • If specific data is not needed for a particular user group, do not collect it.

  • Process and store data in a way that reduces precision (similar to pseudonymization). For example, you can store only birth year instead of a full birth date if only the year is needed.

  • If you collect particularly sensitive data, such as health information or information about criminal offenses, make sure you collect only what is absolutely necessary. Because of the legal restrictions on such data, the simplest solution is often not to collect it at all if you can do without it.

  • Also minimize the amount of data in log files, and never store sensitive or critical data in them (e.g., health information or passwords).

  • Some features can improve the user experience but are not strictly necessary for your application to function correctly (e.g., geolocation to simplify a geographic search). In these cases, the end user must be able to choose whether to use the feature or not. If the user agrees, the collected data may only be stored for the time period necessary for the feature and must never be used for other purposes.

  • Remember to associate retention periods with each data category, depending on the purpose of the processing and the legal or regulatory requirements for retention. Log files must also have a fixed retention period. Document the established retention periods, as you must be able to justify them.

When Data is Collected: Set Up Automatic Deletion Mechanisms.

  • Implement an automatic deletion/cleaning system when data expires. You can also schedule periodic manual reviews of stored data.

  • To ensure complete deletion, you must physically delete all data that is no longer needed using specialized tools or by destroying the physical media.

  • If the data is still useful, you can reduce its sensitivity by applying pseudonymization or even anonymization. With pseudonymization, however, the data still remains subject to personal data rules (see Sheet 1).

  • Log the automatic deletion procedures. The associated log files can be used as documentation of data deletion.
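The points above (precision reduction, keeping sensitive fields out of logs, a fixed retention period per data category, and a deletion procedure that logs what it deleted) put together in one small module. This is an added example, not code from the original sheet; the categories, retention periods, field names and sample records are constructed values to be replaced by your own documented ones.

```python
from collections import namedtuple
from datetime import date, datetime, timedelta, timezone

# Retention period per data category, in days. Constructed sample values: each
# period must come from your own documented justification (purpose, legal duty).
RETENTION_DAYS = {
    "account": 3 * 365,
    "geolocation": 1,    # opt-in feature data, kept only as long as the feature needs it
    "access_log": 180,   # log files get a fixed retention period too
}
SENSITIVE_LOG_FIELDS = {"password", "health_condition", "criminal_record"}  # never logged (constructed)
Record = namedtuple("Record", "category created_at payload")

def reduce_birth_date(birth_date: date) -> int:
    """Keep only the birth year when the full date is not needed (precision reduction)."""
    return birth_date.year

def minimize_log_event(event: dict) -> dict:
    """Drop sensitive fields before an event is written to a log."""
    return {k: v for k, v in event.items() if k not in SENSITIVE_LOG_FIELDS}

def is_expired(record: Record, now: datetime) -> bool:
    """A category with no documented retention period is an error, not 'keep forever'."""
    if record.category not in RETENTION_DAYS:
        raise ValueError(f"no retention period defined for category {record.category!r}")
    return now - record.created_at >= timedelta(days=RETENTION_DAYS[record.category])

def purge_expired(records: list, now: datetime, deletion_log: list) -> list:
    """Return the records to keep; log what was deleted (category, count), never the data itself."""
    kept, counts = [], {}
    for rec in records:
        if is_expired(rec, now):
            counts[rec.category] = counts.get(rec.category, 0) + 1
        else:
            kept.append(rec)
    for category, n in sorted(counts.items()):
        deletion_log.append(f"{now.isoformat()} purged category={category} count={n}")
    return kept

def demo() -> dict:
    """Run one purge over constructed sample records and return what happened."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    records = [
        Record("access_log", now - timedelta(days=200), {"ip": "198.51.100.7"}),
        Record("account", now - timedelta(days=10), {"birth_year": reduce_birth_date(date(1990, 5, 17))}),
        Record("geolocation", now - timedelta(days=1), {"lat": 48.85, "lon": 2.35}),
    ]
    deletion_log = []
    kept = purge_expired(records, now, deletion_log)
    return {"kept": [r.category for r in kept], "deletion_log": deletion_log,
            "safe_event": minimize_log_event({"user": "u1", "password": "hunter2", "action": "login"})}
```

In a real deployment `purge_expired` would run from a scheduled job against the data store, and `deletion_log` would go to an append-only audit log that itself has a retention period.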
