Learning from Cybersecurity Stats: What’s the Best Way to Limit Your Data Exposure? – JD Supra

I act as Data Protection Officer (DPO) for a few startups. Most developers start from a position of “grab everything, keep it forever”. Pushing them to capture the bare minimum, store it securely (tokenised / anonymised if possible), and delete it when no longer needed is a continual battle…:

[…] Article 17 of GDPR states: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”. So, data minimization for data involving individuals is not just a good idea, it’s required for individuals who are data subjects within GDPR.

Data minimization best practices eliminate data that’s no longer useful to the organization (but, in many cases, still detrimental to be made available to hackers) from potential data breach, making it easier for the organization to protect the useful data that remains.

