Data minimisation is a data protection and information governance principle that requires organizations to collect, process, and retain only the minimum amount of data necessary for clearly defined purposes. In regulated environments this usually refers to personal data under privacy regulations such as GDPR, but similar ideas also apply to sensitive operational or industrial data.
Key elements of data minimisation
In practice, data minimisation commonly includes:
- Purpose limitation: defining specific, legitimate purposes for data collection before data is captured.
- Limited scope of data fields: avoiding collection of data attributes that are not needed for the stated purpose (for example, not storing a worker’s home address in a production MES if only an operator ID is required).
- Restricted access: limiting access within systems so only roles that need certain data to perform their tasks can view or use it.
- Retention control: keeping data only as long as it is needed for the defined purpose, then deleting or irreversibly anonymizing it.
- Regular review: periodically checking forms, interfaces, integrations, and reports to confirm that collected data is still necessary.
In industrial and manufacturing environments
In manufacturing, data minimisation typically appears in the design and operation of OT/IT systems such as MES, ERP, quality systems, and maintenance platforms. Examples include:
- Configuring user accounts with unique IDs instead of full personal profiles where not required.
- Capturing only necessary personal data about operators in electronic batch records or device history records.
- Limiting export of detailed production logs that contain identifiable worker data when building analytics datasets.
- Designing integrations so that only required fields are exchanged between MES, ERP, LIMS, and HR systems.
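The field-level integration design and the retention control from the list of key elements can be enforced in code rather than left to convention. The following is an added example, not part of the original page or any named product: a purpose register maps each downstream consumer to the fields its documented purpose needs, and records past their retention period are expired before export. Purpose names, field names and the sample HR records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical purpose register: each consumer is allowed only the fields its
# documented purpose needs. Purpose and field names are constructed.
PURPOSE_FIELDS = {
    "mes_operator_sync": {"operator_id", "shift", "qualified_lines", "created_at"},
    "analytics_export": {"shift", "qualified_lines", "created_at"},
}
# Retention per purpose; records older than this are expired, not exported.
RETENTION = {
    "mes_operator_sync": timedelta(days=365),
    "analytics_export": timedelta(days=90),
}


def minimise(record, purpose):
    """Project one source record onto the allowlist for `purpose`.

    Returns (kept, dropped). The dropped names give a periodic review a
    concrete list of attributes the source system is still sending unnecessarily.
    """
    allowed = PURPOSE_FIELDS[purpose]
    kept = {k: v for k, v in record.items() if k in allowed}
    return kept, sorted(set(record) - allowed)


def apply_retention(records, purpose, now):
    """Split records into those within the retention period for `purpose`
    and those due for deletion or irreversible anonymisation."""
    cutoff = now - RETENTION[purpose]
    keep = [r for r in records if r["created_at"] >= cutoff]
    expired = [r for r in records if r["created_at"] < cutoff]
    return keep, expired


def build_export(records, purpose, now):
    """One integration run: retention check first, then field minimisation."""
    live, expired = apply_retention(records, purpose, now)
    payload = [minimise(r, purpose)[0] for r in live]
    return payload, [r["operator_id"] for r in expired]


# Constructed sample HR records: the source sends more than the MES needs.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"operator_id": "OP-1042", "full_name": "A. Example", "home_address": "1 Example St",
     "shift": "B", "qualified_lines": ["L1"], "created_at": NOW - timedelta(days=30)},
    {"operator_id": "OP-2001", "full_name": "B. Example", "home_address": "2 Example St",
     "shift": "A", "qualified_lines": ["L2"], "created_at": NOW - timedelta(days=400)},
]

if __name__ == "__main__":
    print(build_export(SAMPLE, "mes_operator_sync", NOW))
```

Logging the dropped field names from `minimise` on each run gives the "regular review" step its evidence without storing the unnecessary values themselves.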
Under regulations such as GDPR, data minimisation is a core principle for processing personal data of individuals. In this context, it applies across the full lifecycle of personal data used in industrial operations, including access control logs, training records, visitor logs, and supplier contact information.
What data minimisation is not
- It is not a requirement to avoid all data collection. It focuses on collecting only what is justified by a clear, documented purpose.
- It is not the same as general data compression or storage optimisation, which target technical efficiency rather than the necessity of the data itself.
- It is not limited to IT security controls, although secure handling supports data minimisation goals.
Common confusion
- Data minimisation vs. data masking/anonymisation: Data masking and anonymisation are techniques to obscure or remove identifiers within data. Data minimisation addresses whether the data, masked or not, needs to be collected or retained in the first place.
- Data minimisation vs. data retention policy: Retention policies focus on how long data is kept. Data minimisation covers both whether data is collected and how long it is retained.
Link to ISO 27001 and GDPR
In contexts where both ISO 27001 and GDPR are relevant, the two frameworks treat data minimisation differently, but their requirements can be aligned. GDPR describes data minimisation as a core principle for processing personal data. ISO 27001 focuses on information security management; organizations may use its controls and governance structures to support implementing data minimisation, for example through access control, asset management, and periodic reviews of logged and stored data.