# O3.5 Integrate strict data minimization protocols into design {% tabs %} {% tab title="Principle" %} [O3 Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) {% endtab %} {% tab title="Risk" %} [SV 1 Digital distrust](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities) [RS1 Privacy Vulnerability ](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety) {% endtab %} {% tab title="Life Cycle Stage" %} [L2 Strategy and Design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/responsible-authorities/r3-donor/l2-strategy-and-design-old) {% endtab %} {% endtabs %} ## Practices > * Design forms and digital interfaces that collect only essential information (e.g. GDPR - General Data Protection Regulation). > * Implement methods where direct identifiers are removed or replaced with pseudonyms. > * Pseudonymized data might still be re-identifiable and should not be treated as anonomized without further scrutiny. It still requires access management, controlled processing enviroments, transaction protocols and a liability regime for misuse. > * Periodically review data collection practices and storage to identify and eliminate unnecessary data, similar to practices in the California Consumer Privacy Act (CCPA). ## Resources


	Case Study	( to come soon..)
	References	International Association of Privacy Professionals (IAPP) Privacy International; Department of Homeland Security. Privacy Impact Assessments.