Managing your data risk with data minimisation: when less is more

Every day a million people join the internet for the first time. This means more data. More data means more risk in storing it. Minimise your risk by only using what you need and be a bit greener at the same time.

Data is now big and getting bigger.

It’s not as though this growth is being discouraged. As we enter the 2020s, businesses are told to think big: big data, the internet of things (a network that is the definition of big) and artificial intelligence (big data’s big best friend).

However, what’s clear is that this focus on creating data means that other equally important concepts often struggle to get a look in, namely, getting rid of data securely when it’s no longer needed.

In other words, big data should go hand in hand with big clear outs.

What does the law say?

The law in the UK is clear on this: the data protection principles in the GDPR refer specifically to data minimisation.

Personal data must be ‘adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed’.

Or in the words of the UK’s ICO: ‘you should identify the minimum amount of personal data you need to fulfil your purpose. You should hold that much information, but no more’.

Perceived risks are increasing

The World Economic Forum in its Global Risks Report 2020 reiterates why this is important.

The percent of respondents who think data risks will increase in 2020 compared to 2019 is notable:

  • cyberattack: 76.1%
  • loss of privacy (to companies): 69.1%
  • personal identity theft: 63.8%

Of course, the more data you hold as a business, the more it could be attacked or compromised in some way – and incidents are rarely pleasant.

Put simply, if you are more focussed on what data you need in the first place and regularly purge your databases of unwanted data, you are helping to protect your business against those who’d like to harm it.

Getting buy in

Frustratingly, data minimisation is, at times, a big ask. The problem is that it is such a dull, technical term. It is the language of law, not the language of the everyday. To many, it feels abstract and obtuse.

But language matters. As Bill Bryson noted in his book on the English language, the Mother Tongue, we have an almost instinctive preference for simple Anglo-Saxon phrases: “we feel more at ease getting a hearty welcome than after being granted a cordial reception”. Like an unwanted guest at a data party, this may explain the uncordial reception that has greeted data minimisation over the years.

What’s more, it feels so much easier to gorge on data than try an oh-so-dull data diet.

The challenge for businesses is to work out how to engage with their key teams on this—to move from paying lip service to the idea, to adhering to the spirit and letter of the law.

Work with your internal comms teams to find out ways to engage key stakeholders in your business. Trial snappy straplines to hammer home the message of ‘less is more’. 

Cultural change is the bedrock on which true change in an organisation happens so getting senior management on board is also crucial. Reminding key team members of the recent eight-figure fines for breaching this principle can also help to focus minds (see: Berlin Commissioner for Data Protection imposes fine on real estate company).

Green, sustainable data

The Global Risks Report 2020 makes for grim reading in other areas, such as the environment, stating that the ‘world is on the brink of climate collapse’, adding, ‘today’s ecological footprint of mass data generated for and by AI—for example, the energy required to run servers—is already considerable’. A day after this report was published, on 16 January, Sir David Attenborough warned in a BBC News interview of a climate 'crisis moment'.

As we noted in our recent article 2020 predictions: Data privacy and protection, many businesses will need to start to looking at their use of data not only from a GDPR point of view but also from a corporate and social responsibility (CSR) standpoint: ‘it may take some time before data sustainability becomes the norm but it is arguably only a matter of time before activists cotton on to the impact of unnecessary data use and storage’.

We are now as close to 2050 than we are to 1990. It is almost impossible to conceive the amount of data that might exist in the years to come. Albert Einstein, go-to for wise quotes, said, ‘out of clutter, find simplicity. From discord, find harmony. In the middle of difficulty lies opportunity’. There are many challenges ahead, and nobody is asking for perfection in this area, but there are opportunities for companies to focus, declutter and find their data harmony. And, all being well, be greener at the same time.


This information is for general information purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given. Please contact us for specific advice on your circumstances. © Shoosmiths LLP 2024.



Read the latest articles and commentary from Shoosmiths or you can explore our full insights library.