For years, the data of consumers and stakeholders have been collected in every shape and form. However, The General Data Protection Regulation (GDPR) has put data processing and privacy at the forefront, forcing many organizations to rethink their “more data is always better data policy” and develop better habits. Because, it is no longer an option to process vast amounts of data, if you want to obtain GDPR compliance. Instead, you need to have a data minimization policy as it is one of the core tenets of GDPR… so, knowledge may be power, but in the world of privacy, it can be your downfall.
However, almost two years after the GDPR came into force, many still struggle with the data minimization concept. For this reason, we have created a small data minimization technique with a Marie Kondo-twist to make it simpler and more top of mind. But what do Marie Kondo and GDPR have in common? More than you probably think, because, like the principles of the method, KonMari, the path to data protection compliance begins with inventory and minimization.
Commit yourself: Decluttering your data will take time and not finishing will not ensure you GDPR compliance. At the same time, you need to commit to doing it regularly as data will continue to flow into your organization. Therefore, doing it once won't be enough. This is an ongoing task.
Imagine your ideal GDPR life: Knowing your end goal in the cleaning process is essential - because without a map, you will not know how to get to your destination, and you might end up making everything messier. Therefore, it is important to make a strategic plan, and imagine how your data protection compliance will look like - and how you continuously ensure it.
Finish discarding first: Decluttering without getting rid of any data just means that you are moving stuff around. Remember to remove old and bad data before you get too far along in the process.
Tidy by category, not location: It can be overwhelming to clean up your data. Tidying by category – e.g. financial data - gives you a streamlined way to approach the different data areas in your organization and gives you a better overview of how much data your organization has.
Follow the right order: Even though it can be difficult to distinguish between the different categories of data, it is important to stay on track and not mix them together. Meaning, you should not be distracted and start cleaning a new category before you finished the first one.
Does it spark joy?: Do you really need it? It may seem like a weird question to ask yourself when you are looking at data. But we do tend to keep more than we need – just in case! But that is a big NO-NO in the GDPR. You always need to meet one of the GDPR’s conditions for the legal processing of personal data. Have this in mind when you go through all your data. It can be difficult to let go, but you need to, if you want to ensure GDPR compliance.