# O3.14 Integrate strict data minimization protocols into design {% tabs %} {% tab title="Principle" %} [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) {% endtab %} {% tab title="Risk" %} [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety) {% endtab %} {% tab title="Lifecycle Stage" %} [L2: Strategy & Design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/life-cycle-stages) {% endtab %} {% endtabs %} ## Practices > Design forms and digital interfaces that collect only essential information (e.g. GDPR - General Data Protection Regulation). > > Implement methods where direct identifiers are removed or replaced with pseudonyms. > > Pseudonymized data might still be re-identifiable and should not be treated as anonomized without further scrutiny. It still requires access management, controlled processing enviroments, transaction protocols and a liability regime for misuse. > > Periodically review data collection practices and storage to identify and eliminate unnecessary data, similar to practices in the California Consumer Privacy Act (CCPA)." ## Resources