GDPR Made Clear: Data Minimisation

October 20th 2025

Collect Only What You Need

Welcome back to our seven-part series unpacking the UK GDPR principles, written specifically for arts, cultural and heritage organisations. This week, we’re focusing on data minimisation for cultural organisations – the principle that helps you collect only what you need, and nothing more.

If your team has ever asked whether it’s okay to add a question “just in case,” or wondered whether job titles and dietary needs should be collected for every event, or questioned whether old data from past projects can be kept indefinitely, this post is for you.

Data Minimisation – Keep It Lean

Under UK GDPR, you must only collect personal data that is adequate, relevant and limited to what’s necessary for your stated purpose. That means the data must be sufficient to fulfil your purpose, clearly linked to that purpose, and not excessive. If you can achieve your goal without a particular data point, don’t collect it.

Avoid speculative data collection. Skip unnecessary details. Review what you hold and ask whether it still serves a purpose. Every question, field or dataset should have a clear reason behind it. If the answer to “what will we do with this?” isn’t obvious, it probably doesn’t belong.

Practical Tips for Cultural Teams

  • Be purpose-led. Before adding a question, ask: “What will we do with this?”
  • Use conditional logic. Only ask for access needs or dietary requirements if the event includes catering or physical attendance.
  • Avoid default fields. If your CRM or survey tool includes optional fields, disable or hide them unless they’re relevant.
  • Review old forms. Strip out legacy questions that no longer serve a purpose.

Role-Based Examples

Marketing Teams

You’re collecting emails for a newsletter. You don’t need full names, postcodes or job titles unless they serve a specific segmentation purpose. Keep the form short – it improves sign-up rates and reduces risk.

Learning and Participation Teams

You’re running a workshop for schools. Ask for the teacher’s name and contact details, but don’t collect pupil names unless strictly necessary. If you need age ranges or access needs, explain why and how that data will be used and stored.

Fundraising and Development Teams

You’re inviting donors to an event. You may need dietary requirements or access needs – but only if you’re providing food or physical access. Don’t ask for job titles or income brackets unless you’re conducting prospect research, and even then, be transparent.

Final Thoughts

Data minimisation for cultural organisations isn’t about cutting corners – it’s about clarity, purpose and trust. When you collect only what you need, you reduce risk, improve user experience, and show respect for your audiences.

Be lean. Be clear. Be purposeful.

What’s Next?

Up next in our GDPR seven principles series is Accuracy – a vital aspect of data protection that ensures the personal data you hold is correct, up to date, and fit for purpose. We’ll explore what the UK GDPR says about accuracy, why it matters, and how to build processes that keep your data clean and reliable. Stay tuned!

Get In Touch

If you’re a cultural organisation looking for tailored support, plain English policies, or practical training that empowers your team, we’d love to help. Get in touch for a free 30-minute consultation.

Leave a Reply