WHAT IS THE DATA MINIMIZATION SERVICE ?
WHY DO I NEED IT?
Section 500.13 requires covered entities to establish policies and procedures for the routine disposal of Non-Public Information (NPI) that is no longer necessary for business purposes or legal requirements. Routinely disposing of unnecessary records and information that contain NPI under an enforced records retention program is a critical for compliance and dramatically reduces risks.
Companies operating in the Dubai International Financial Center (DIFC) must ensure the personal data they collect and process is retained for no longer than necessary for the purposes for which the data was collected. Adopting best practice retention standards and consistently enforcing the standards ensures that companies meet their obligations.
Article 5 of the GDPR requires controllers to retain data only for the purposes for which it was collected, and only for the time period necessary for the purposes for which it was collected.
"If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it. If you have a legitimate business need for the information, keep it only as long as it’s necessary."
Many states have data protection and privacy statutes that regulate the collection and use of personal data. These include limiting the amount of personal data that is collected and limiting the time such information is retained.
HOW DOES IT WORK?
- Renowned retention rules
- Data minimization workflows and documentation
- Program enforcement models
We equip you with the best practices standards, tightly-structured processes and ongoing controls needed to meet your obligations and reduce risks. We provide deletion strategies for all media types so you can defensibly and systematically delete unnecessary records. You’ll have clear documentation of your data minimization logic and initial cleanup efforts.
PROJECT TIMELINE: 60 DAYS OR LESS
Our professional staff supports your program from development through ongoing enforcement. With our help, you'll reduce discovery and data breach risks and be prepared to respond to an investigation, litigation or audit.