Some of the principles of the General Data Protection Regulation (GDPR) look nice on paper, but it can be hard to implement them.
The principle of «data minimisation», for instance, states that personal data must be «adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed» (Art. 5(1)(c) GDPR). It is a principle that applies at every stage of the lifecycle of personal data: only collect the data that you need, only analyse or use the data that you need, only store the data that you need – and only as long as you actually need it (the sister principle of «storage limitation» has strong ties with data minimisation). But how can you identify what you actually need?
Likewise, the principle of «integrity...
|