Data Minimization for Processing Purposes, v1.0
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 5(1)(c).
Assessment Step
|
1
Data Minimization for Processing Purposes (DataMinimizationforProcessingPurposes)
Does the entity ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
|
Conformance Criteria (1)
|
Data Minimization for Processing Purposes
The data controller must ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Citation
GDPR
Art. 5(1)(c), Recital 39
|