Implementing Regulation of PDPL Article 19 says controllers are required to only collect and retain personal data that is strictly necessary to fulfill a specific, legitimate purpose. This principle emphasizes that excess or unrelated data must not be collected or kept. The decision on what qualifies as “necessary” should be based on documented mappings or other justified means, and overcollection is explicitly discouraged.
Only collect and retain what you truly need—nothing more.
The Controller shall collect only the minimum amount of Personal Data necessary to achieve the purpose of the Processing, and ensure the following:
Implementing Regulation of PDPL Article 19 (1) (a)
Limit Data Collection
Collecting only the necessary Personal Data that is directly related to the purpose of Processing, and this shall be determined using appropriate means, including data maps that indicate the need for each collected data and link it to each objective of the Processing or other means.
Implementing Regulation of PDPL Article 19 (1) (b)
Avoid Unnecessary Data
Provide necessary care to achieve the purpose of the Processing without collecting unnecessary Personal Data.
Implementing Regulation of PDPL Article 19 (2)
Minimize Data Retention
The Controller shall retain the minimal Personal Data necessary to achieve the purpose of the Processing.
Explanation of Implementing Regulation of PDPL Article 19
Only gather data directly tied to the purpose:
Implementing Regulation of PDPL Article 19 (1) (a) says, controllers must identify what data is essential using means like data maps, and link each data point to its purpose.
Don't collect irrelevant or excessive data:
Implementing Regulation of PDPL Article 19 (1) (b) says, controllers should exercise care to ensure they do not gather personal data that is not needed for their purpose.
Keep only what’s necessary to fulfill the processing purpose:
Implementing Regulation of PDPL Article 19 (2) says, even after collection, data retention must be limited to the minimum necessary for achieving the stated purpose.
