Data minimization is the privacy principle requiring organizations to collect, process, and retain only the personal data that is adequate, relevant, and strictly necessary for a specified, legitimate purpose. It functions as a constraint on data collection: before collecting any personal data element, the organization must affirmatively answer 'why do we need this, for what purpose, and for how long?' If no documented business justification exists, the data must not be collected. Data minimization is codified in GDPR Article 5(1)(c) and mirrored in CCPA, LGPD, PIPEDA, and sector-specific rules including the HIPAA minimum necessary standard and PSD2/PSD3 data use limitations. Within the ISACA-CDPSE framework, it sits at the intersection of Data Lifecycle Management and Privacy by Design — decisions made at collection cascade into retention, processing, and deletion obligations downstream. It is NOT synonymous with data deletion (a disposal action after the lifecycle ends), data anonymization (a technical transformation that changes data character), or data security (which protects data regardless of volume). It is a governance principle enforced through policy, technical controls, and process design.
Where it stops · what it isn't
- IS: A principle governing what personal data is collected and how long it is retained relative to a defined purpose
- IS: Applicable to both structured (databases, CRMs) and unstructured (email, documents, logs) personal data
- IS: A design-time and collection-time constraint, not only a post-facto deletion practice
- IS NOT: The same as data deletion or disposal — minimization prevents over-collection; deletion ends storage of already-collected data
- IS NOT: Data anonymization or pseudonymization — those are technical transformation techniques that may support minimization but are distinct practices
- IS NOT: A one-size-fits-all rule — what is 'necessary' varies by purpose, lawful basis, and jurisdiction (GDPR legitimate interest vs. consent vs. contract)
- IS NOT: A prohibition on analytics or AI/ML — but it requires that analytical use cases be scoped and datasets be justified element by element
- IS NOT: Equivalent to data security — an organization can maintain strong encryption and still violate minimization by retaining unnecessary data
Connected concepts in the graph
Every cubelet sits in a knowledge graph. Here's what this one connects to.
- PART OF: Data Lifecycle Management; Privacy by Design (GDPR Article 25)
- REQUIRES: Data Classification; Purpose Limitation
- ENABLES: Data Retention and Disposal Scheduling; Data Protection Impact Assessment (DPIA); Consent Management
- RELATED TO: Data Accuracy (GDPR Article 5(1)(d)); Storage Limitation (GDPR Article 5(1)(e))
- CONSTRAINS: Analytics and ML Data Collection Practices; Third-Party Data Sharing and Vendor Onboarding