Collect only the personal data you actually need for your purpose — no more.
Data minimisation is one of the core principles: personal data must be adequate, relevant and limited to what is necessary for the purpose it is processed for.
In practice it means not collecting 'just in case' data, and deleting what you no longer need.
In the Regulation
Related terms
Purpose limitationCollect data for specified, explicit purposes and don't reuse it in incompatible ways.Storage limitationKeep personal data in identifiable form only as long as you need it — then delete or anonymise.Data protection by design and by defaultBuilding data protection into systems from the outset, and defaulting to the most privacy-friendly settings.
Need this applied to your business?
Our data-protection lawyers turn GDPR terms into a working plan.