What is Data Minimisation?

Data minimisation is the principle that only personal data that is adequate, relevant, and limited to what is necessary for a specific purpose should be collected and used. In AI compliance, it matters because it reduces privacy risk and helps justify training, inference, and monitoring data choices.

In Depth

In practice, data minimisation means reviewing whether each data field, feature, log entry, or training set element is actually needed for the stated AI purpose, and deleting or excluding what is not. For AI systems, this can affect model training datasets, prompts, telemetry, output logs, and human review workflows, especially when personal data or sensitive data may be involved.

This principle is central to the GDPR and is also relevant to other privacy regimes that expect organizations to limit collection and processing to what is necessary. Compliance teams often connect data minimisation to data governance, retention controls, access restrictions, and privacy-by-design measures, including under ISO 27001 and ISO/IEC 42001 when managing AI-related information assets.

Related Frameworks

EU AI ActISO 27001ISO/IEC 42001

Related Topics

Data GovernanceAlgorithmic DiscriminationTransparency

Related Terms

Training Data InventoryAi Model Training On Personal DataAi Generated Inferences As Special Category Data

Weekly digest — coming soon

Leave your email to get the first issue when it ships. Free, no account required.

We use your email only for the digest. Privacy policy