What is data minimisation? (GDPR Art. 5(1)(c))

Data minimisation (GDPR Art. 5(1)(c)) is one of six core principles: personal data must be "adequate, relevant and limited to what is necessary". Concrete tests: (1) Is this field really needed to achieve the purpose? (2) Would a less intrusive alternative suffice (e.g. age band instead of date of birth)? (3) Are you not retaining longer than needed (storage limitation)? Common mistakes: webshop asks DoB for customer discount (not needed — age band suffices), HR system retains rejected job applications (max 4 weeks per Dutch NVP guideline), tracker logs full IP when /24 or /16 would suffice. Fine impact: AP fines 2023-2025 against Bol.com and Booking.com partly based on minimisation breaches — not just missing lawful basis. For consumers: if a form demands many non-essential fields, ask why. Often the answer is unsubstantiated → you can refuse or complain.