GDPR Compliance Journey - 12 Data Minimisation

Gydeline
17 May 2018 03:08

Summary

TLDR: In this video, Mike Savile from Gydeline discusses the concept of data minimization in compliance. He emphasizes that organizations should only collect and process data that is essential for their operations. Examples include a streamlined signup process for a free cyber essentials service and a contact form that requests only necessary information. The video encourages viewers to review their data collection and processing practices, advocating for the elimination of unnecessary data to simplify compliance.

Takeaways

  • 📝 Data Minimization is about collecting and processing only the data that is necessary.
  • 📑 Two aspects of minimization are emphasized: the amount of data collected and the information processed.
  • 🛑 Only collect data that is required for the intended purpose.
  • ✅ Ensure that the data processing aligns with the data collected, avoiding unnecessary processing.
  • 📝 Example provided: Collecting only first name, last name, email, company name, and job role for a free cyber essentials service.
  • 📧 Email address is crucial for communication, and company name helps manage multiple accesses per company.
  • 🔑 Job role is necessary for appropriate access within the system.
  • 📞 Phone and company address are optional but can be useful for future contact.
  • 📣 Another example: Signing up for free resources requires only first name, last name, and email.
  • 📬 Website contact form includes optional fields like phone number for potential callbacks.
  • 🗑️ Encourages the audience to review their data collection and processing practices and remove unnecessary information.
  • 🔒 The next topic to be discussed is technical measures for data protection.

Q & A

  • What is the main topic of the video?

    - The main topic of the video is data minimization in the context of compliance and how it applies to collecting and processing information.

  • What does data minimization involve according to the video?

    - Data minimization involves only collecting or receiving the information you actually need and only processing the information that is necessary.

  • What are the two respects in which data minimization applies?

    - Data minimization applies to how much data you collect or receive and the information that you actually process.

  • What is an example of data minimization given in the video?

    - An example given is the simple form people complete when signing up for the free cyber essentials service, which only asks for first name, last name, email address, company name, and job role.

  • Why is the company name requested in the sign-up form?

    - The company name is requested because sometimes more than one access per company is given, and it helps associate multiple email addresses with a single company.

  • What is the purpose of asking for the job role of the person signing up?

    - The job role is asked for to identify and appropriately give access within the system to the person signing up.

  • What is the purpose of collecting phone and company address in the sign-up form?

    - Phone and company address may be useful if contact is needed in the future, but they are not mandatory for the sign-up process.

  • What is the purpose of the sign-up form for free resources and templates?

    - The form is used to notify people about free resources and templates, and it only requires first name, last name, and email for this purpose.

  • What additional information is requested on the website contact form?

    - The website contact form requests name, email, phone number (optional), a description of the request, and an agreement for processing the information for stated reasons.

  • What advice does the video give regarding data collection and processing?

    - The video advises to look at what is being collected and processed, cut out any unnecessary information, and delete it from systems to achieve data minimization.

  • What will be the topic of the next video in the series?

    - The next video will be about technical measures in the context of compliance.

Outlines

00:00

📊 Data Minimization Essentials

In this video, Mike Savile discusses the concept of data minimization, emphasizing its importance in compliance with the General Data Protection Regulation (GDPR). He explains that data minimization involves two key aspects: collecting only the necessary data and processing only the required information. The video provides examples from their own services, such as the Cyber Essentials subscription form, which collects minimal data like first name, last name, email address, company name, and job role. It also touches on the sign-up process for free resources and templates, which only requires basic contact information. The video concludes with a call to action for viewers to review their data collection and processing practices, urging them to eliminate unnecessary information from their systems to maintain compliance.

Keywords

💡Data Minimization

Data minimization refers to the practice of collecting, processing, and storing only the minimum amount of data necessary to fulfill a specific purpose. In the context of the video, it is the core principle for ensuring compliance with data protection regulations. The script illustrates this by discussing how the company only collects essential information such as names, email addresses, and company names from users signing up for their services.

💡Compliance

Compliance in this video refers to adherence to data protection laws and regulations that govern the collection and processing of personal data. The theme of the video is centered around the importance of data minimization as a compliance strategy. Compliance is emphasized through the examples given, where the company intentionally limits the data it collects to maintain legal and ethical standards.

💡Personal Data

Personal data includes any information relating to an identified or identifiable individual. The video script highlights the types of personal data collected, such as first name, last name, email address, and company name, which are necessary for providing services or communication. The concept is integral to the video's message on minimizing unnecessary data collection.

💡Cyber Essentials Service

Cyber Essentials Service is a specific offering mentioned in the script that provides a free subscription to users. It serves as an example to illustrate the concept of data minimization, as the service only requires a basic form with essential personal information to establish a subscription.

💡Subscription

A subscription in the context of the video is a service agreement where users sign up to receive regular updates or access to certain resources. The script uses the term to describe how the company creates subscriptions with minimal data collection, emphasizing the importance of data minimization in their process.

💡Free Resources and Templates

The script mentions the provision of free resources and templates as a service where users can sign up to be notified. This is another example demonstrating data minimization, as the company only asks for the user's first name, last name, and email, which are the minimal details required to notify them about these resources.

💡Processing

In the context of data protection, processing refers to any operation performed on personal data, such as collection, storage, or use. The video emphasizes that companies should only process the data that is necessary for their services, as seen in the examples provided where the company limits the data it processes.

💡Consent

Consent is a crucial aspect of data protection, where individuals must give their permission for their data to be used in specific ways. The video script implies the importance of obtaining consent through the mention of an agreement on forms, ensuring that data processing is done for stated reasons and with user permission.

💡Technical Measures

Technical measures are actions or tools used to protect data and ensure compliance with data protection regulations. Although not the main focus of the video, the script mentions that the next topic will be about technical measures, suggesting that they are part of a broader strategy for data minimization and compliance.

💡Contact Form

A contact form is a method for users to submit their inquiries or requests to a company. In the script, it is mentioned as a place where users can provide optional information such as name, email, and phone number. The form also includes an agreement about data processing, which is related to the video's theme of data minimization and consent.

💡Data Protection Regulations

Data protection regulations are legal frameworks that govern the collection, processing, and storage of personal data. While not explicitly named in the script, the entire video revolves around the concept of adhering to such regulations through the practice of data minimization.

Highlights

Introduction to the concept of data minimization in the context of GDPR compliance.

Data minimization applies to the amount of data collected and the extent of data processing.

Only collect or receive the information that is actually needed.

Process only the information that is necessary for the purpose.

Gydeline's approach to choosing what data to process and collect.

Example of data collection through a simple form for a free cyber essentials service.

Details collected include first name, last name, email address, company name, and job role.

Explanation of why each piece of information is collected for the subscription service.

Optional collection of phone and company address for potential future contact.

Demonstration of data minimization in the creation of a free subscription in the Gydeline system.

Another example of data collection for notifying about free resources and templates.

Limited data request for sign-ups: first name, last name, and email.

Explanation of why additional details are not necessary for the notification service.

Overview of the website contact form and its data collection practices.

Optional fields in the contact form and their potential uses.

Emphasis on the agreement for data processing for stated reasons on all forms.

Encouragement to review and reduce unnecessary data collection and processing.

Teaser for the next video topic: technical measures for data protection.

Transcripts

00:02

[Music]

00:04

Hello and welcome back to the Gydeline GDPR compliance journey. I'm Mike Savile, and this time we're talking about data minimization. Now this is going to be quite a brief video, and just start by saying that minimization applies in two respects: one, how much data you collect or receive, you should only collect or receive the information you actually need; and then the information that you actually process, you should only process the information that you actually need. And so if you only collect what you need and only process what you need, then you are doing everything you need to do in terms of minimization. So at Gydeline we're lucky, we have the option to choose what we process and choose what we collect.

00:57

So a few simple examples of that. When people sign up to our free cyber essentials service they complete a simple form which has their first name, their last name, their email address so that we can contact them about this free subscription, their company name because sometimes we give more than one access per company so we need the company associated with many email addresses, and the job role of the person so we can identify and appropriately give them access within the system. We then have phone and company address, which may be useful if we need to contact them in the future, but it isn't mandatory on the form. And that is it, that's all the information we collect and that's all the information we process when it comes to creating a free subscription in the Gydeline system.

01:50

Another example is on some pages of our website people have the ability to sign up to be notified about free resources and templates that we give them, and here we purely ask for first name, last name and email. We don't need any other details to tell them about free resources, and that's the only information that we process on that individual.

02:14

Finally, a quick look at our website contact form, where again name and email, phone number is optional but might be needed if you'd like us to phone you back, a description of your request, and then, as we do on all our forms, an agreement that we're going to process it for the reasons we've stated.

02:36

So really quick video, that's all you want sale minimization. We've cut down what we collect, which in turn cuts down what we have to process, and we just encourage everybody to look at what they're collecting and processing and just cut out any information that you don't need and delete it from your systems. So I hope you found that very useful. Next time we're going to talk about technical measures, so until then we hope you find your compliance simple.
