Collect only what you need, on purpose

GDPR’s purpose limitation and data minimization principles sound strict, but they are simple design principles: they reduce the amount of data you have to protect and remove ambiguity about why a system holds it.

Purpose limitation (Article 5(1)(b)) means you collect data for a specified, explicit reason and do not later process it in a way that is incompatible with that reason. Data minimization (Article 5(1)(c)) means you collect only what is adequate, relevant and necessary to deliver that purpose. The two go together: once the purpose is written down, the field list gets shorter.

For users, this is good news. Fewer data requests mean fewer surprises. For teams, it means fewer security obligations and a smaller compliance surface: data you never stored cannot be breached, cannot be leaked by a misconfigured backup, and does not have to be found, exported or deleted when a user exercises their rights. Less data is often better data.

A simple check: if you removed a field today, would the product still work? If yes, you probably don’t need it. The one caveat is that “the product works” is not the only test: confirm no legal retention obligation requires the field before you drop it, and record that obligation as its purpose if one does.

Start with an inventory. For each data point, write down the reason it exists and every place it is read. If you can’t state the purpose in one sentence, or nothing actually reads the field, it should not be collected.
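The inventory and the removal check above can be mechanised. The Python below is an added example, not code from the original post: it declares a small inventory (field, one-sentence purpose, and the processing activities that read the field), a register of declared purposes, and an audit that flags fields with no stated purpose, fields nothing reads, and fields used by an activity that was never declared. The field names, purposes and activities are constructed for illustration.

```python
"""Data-minimization and purpose-limitation audit over a declared inventory.

Added example, not from the original post. All field names, purposes and
activities below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DataPoint:
    name: str             # the field as it appears in the form / schema
    purpose: str          # one-sentence reason it exists ("" if nobody could give one)
    used_in: frozenset    # processing activities that actually read the field


# Constructed inventory for a hypothetical signup flow.
INVENTORY = [
    DataPoint("email", "Deliver login and password reset",
              frozenset({"auth", "password_reset"})),
    DataPoint("password_hash", "Authenticate the user", frozenset({"auth"})),
    # Collected without anyone being able to say why, then quietly reused.
    DataPoint("date_of_birth", "", frozenset({"marketing_segmentation"})),
    # Has a purpose on paper but no code path reads it.
    DataPoint("phone", "Verify the account by SMS", frozenset()),
]

# Processing activities the organisation has declared (e.g. in its privacy
# notice), mapped to the purpose they serve. Anything outside this register
# is an undeclared, and therefore potentially incompatible, use.
DECLARED_ACTIVITIES = {
    "auth": "account access",
    "password_reset": "account access",
    "sms_verification": "account access",
}

NO_PURPOSE = "no stated purpose: do not collect"
UNUSED = "collected but never read: drop the field"


def audit(inventory, declared):
    """Return (field, finding) pairs for every minimization or purpose problem."""
    findings = []
    for dp in inventory:
        if not dp.purpose.strip():
            findings.append((dp.name, NO_PURPOSE))
        if not dp.used_in:
            # The 'remove it and does the product still work' test, answered
            # from the inventory: nothing reads it, so removing it breaks nothing.
            findings.append((dp.name, UNUSED))
        for activity in sorted(dp.used_in):
            if activity not in declared:
                findings.append(
                    (dp.name, f"read by undeclared activity '{activity}'"))
    return findings


def minimal_fields(inventory, declared):
    """Fields that survive the audit: they have a purpose and are read only by
    declared activities. This is the data list that 'gets smaller'."""
    keep = set()
    for dp in inventory:
        if dp.purpose.strip() and dp.used_in and dp.used_in <= set(declared):
            keep.add(dp.name)
    return keep


if __name__ == "__main__":
    for name, finding in audit(INVENTORY, DECLARED_ACTIVITIES):
        print(f"{name}: {finding}")
    print("fields to keep:", sorted(minimal_fields(INVENTORY, DECLARED_ACTIVITIES)))
```

Run against the sample inventory, the audit flags `date_of_birth` twice (no purpose, and read by an undeclared marketing activity), flags `phone` as collected but never read, and leaves only `email` and `password_hash` as fields worth keeping. In practice the inventory would be generated from the form schema or ORM models and the declared-activity register from the privacy notice, so the check can run in CI whenever either changes.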