Data Minimisation - should I care?
Hello,
It's been an intense few weeks here so we will keep it short with an email on Data Minimisation and how it affects your marketing data while I keep on digging through piles of research for the next deep dive email on Data Clean Rooms (fun fun).
What is Data Minimisation?
Data minimisation is one of the guiding principals of the GDPR and also mentioned in most US privacy laws (California, Colorado, Utah, Virginia, and Connecticut).
The GDPR states (Article 5(1)(c))
1. Personal data shall be:
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)”
Essentially it's saying to only collect the data needed to run your business - not more.
What does that mean for marketing?
Only collect that data you can action on - nothing more.
It means that you need to develop a clear data strategy and fully understand what the purpose of each data point is that you collect.
There has to be a purpose behind every piece of data you are collecting.
Is Data Minimisation worth it?
I think it is. I've been telling clients for years to only collect the data that they can action on - data that drives decisions. It allows for clarity and reduces the time looking for insights - it's easy to get lost in a table full of useless data.
But, if that is not enough, here are some additional ways data minimisation can help your business:
Help you determine what data to collect, process, and store (and for how long to store it).
Help discover what unnecessary data you are collecting.
Help expose any risks your data is exposed to while collecting, processing, and storing.
Help limit the amount of personal data you are collecting.
Help reduce the risk of a breach by limiting the amount of data you are collecting, processing, and storing.
Help reduce time spent looking for insights in your larger-than-life data mess.
Help reduce operational costs such as cloud storage, etc.
Data minimisation is not only about privacy, compliance, and reducing risks. It's about making your data more accessible and being able to action on the data you have.
Interesting Reads:
Bit dry a read but helpful to understand how GDPR and US privacy laws measure up (especially helpful if you to the US laws while already GDPR compliant)
Top areas companies miss the mark re: CPPA - are you one of them?
Does GDPR come with prison time?
Closing thoughts:
Keep it simple and only collect data that has a purpose and drives decision making.
Until next time,
Siobhan