Collect Only the Data You Need, for the Right Purpose
As the amount of personal data collected and processed by organisations continues to increase, the need for responsible data processing is paramount. Among the core principles guiding responsible data protection are Data Minimisation and Purpose Limitation. These foundational principles embedded in the NDPA, play crucial roles in shaping how data is collected and processed by organisations. They emphasise that data controllers/processors must be accountable for data collected and ensure that personal data is:
- “collected for specified, explicit, and legitimate purposes, and not to be further processed in a way incompatible with these purposes” (See NDPA Section 24 (1)(b) – Purpose Limitation);”
- “adequate, relevant, and limited to the minimum necessary for the purposes for which the personal data was collected or further processed” (See NDPA Section 24(1) (c) – Data Minimisation).”
While the NDPA is more recent, other prominent privacy regulations such as the EU GDPR also reference similar requirements for Data Minimisation and Purpose Limitation. Compliance with these requirements will require understanding and evaluation of existing data collection and processing activities across an organisation.
In this edition, we will discuss the concepts of Data Minimisation and Purpose Limitation, as well as the provisions of the Nigeria Data Protection Act (NDPA) and other prominent privacy laws on this subject.
We will explore examples of Data Minimisation and Purpose Limitation in action, case studies on the correct vs incorrect ways to implement the principles of Data Minimisation and Purpose Limitation, lawful basis in relation to Data Minimisation and Purpose Limitation, enforcement fines relating to Data Minimisation and Purpose Limitation across the globe, emerging trends influencing these concepts, among others.
See below to read more.