The principle of data minimization involves limiting data collection to only what is required to fulfill a specific purpose.
When an organization applies data minimization, any processing (the analysis of data to produce meaningful insight) they do will only use the least amount of data necessary. Also, the data collected should not be used for any other purpose or process without consent from the data subject (the individual from whom the data was collected).
Under the GDPR, enterprises are encouraged to practice data protection principles such as data minimization because data is sometimes collected and saved indefinitely. This practice creates large stockpiles of data that are difficult to protect, organize, and manage.