GDPR Art. 5(1)(c) requires that personal data be 'adequate, relevant and limited to what is necessary.' What is this principle called?
2.
Which of the following practices best implements the storage limitation principle?
3.
A company needs aggregate sales analytics (total units sold per region). How can it fulfil this need while complying with data minimisation?
4.
Explain the four practical steps an organisation should follow to implement a data retention policy, and explain why automated deletion is preferable to manual deletion.
5.
A company runs a newsletter and collects subscribers' email addresses and dates of birth. Which GDPR principle dös collecting dates of birth most likely violate?
6.
Why dös over-retention of data increase regulatory risk after a breach?