The General Data Protection Regulation (GDPR) was enacted to protect the privacy rights of residents of the European Union. One of the ways in which GDPR protects privacy is by enacting certain principles relating to the processing of personal data. In the data minimisation principle, GDPR specifies that personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which that personal data is processed. In this article, we will discuss the data minimisation principle, including tips on how to determine if you are processing too much data and how you can evaluate your data management practices.