Privacy Digest

As the amount of personal data collected and processed  by organisations continues to increase, the need for  responsible data processing is paramount. Among the  core principles guiding responsible data protection are Data Minimisation and Purpose Limitation. These foundational principles embedded in the NDPA, play  crucial roles in shaping how data is collected and  processed by organisations. They emphasise that data controllers/processors must be accountable for data  collected and ensure that personal data is:

• “collected for specified, explicit, and legitimate purposes,  and not to be further processed in a way incompatible  with these purposes” (See NDPA Section 24 (1)(b) – Purpose  Limitation);”
  
  
• “adequate, relevant, and limited to the minimum necessary for the purposes for which the personal data  was collected or further processed” (See NDPA Section 24(1) (c) – Data Minimisation).”

While the NDPA is more recent, other prominent  privacy regulations such as the EU GDPR also reference similar requirements for Data Minimisation and Purpose  Limitation. Compliance with these requirements will require understanding and evaluation of existing  data collection and processing activities across an  organisation. 

In this edition, we will discuss the concepts of Data Minimisation and Purpose Limitation, as well as the  provisions of the Nigeria Data Protection Act (NDPA)  and other prominent privacy laws on this subject.

We will explore examples of Data Minimisation and  Purpose Limitation in action, case studies on the correct  vs incorrect ways to implement the principles of Data Minimisation and Purpose Limitation, lawful basis in relation to Data Minimisation and Purpose  Limitation, enforcement fines relating to Data Minimisation  and Purpose Limitation across the globe, emerging trends  influencing these concepts, among others.

See below to read more.