What is “data minimization” in segmentation?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Your CRM has 47 fields on every contact. You use about six of them to actually build segments. The rest were collected because someone once thought they might be useful. Under GDPR, that gap isn't just clutter: it's a compliance liability.
Data minimization is the principle that you should only collect and retain personal data that's necessary for the specific purpose you've stated. In segmentation terms, it means you shouldn't be storing location, age, device type, purchase intent scores, and browsing history if you're only ever segmenting by product category and send frequency. Every data point you hold creates compliance surface area: it has to be protected, disclosed in your privacy policy, and defensible if a subscriber asks what you're doing with it. Holding enriched contact data indefinitely because it "might be useful someday" isn't compliant under GDPR, and it's not a defensible answer in a Subject Access Request.
The practical implication runs in two directions. At the collection stage, only ask for fields you'll actually use in your segmentation strategy. Signup forms that request birthday, job title, industry, and company size when you're sending a monthly newsletter are collecting beyond what you need. At the retention stage, data collected for a specific campaign or purpose should be deleted or anonymized when that purpose ends. Your data retention policy should specify how long each field type is kept and what triggers deletion.
There's also a practical performance argument for minimization. Segmentation built on fewer, higher-quality signals tends to outperform segmentation built on 12 inferred demographic fields. A segment built on "clicked a product category link in the last 60 days" is more actionable than one driven by stacked inferences. The compliance push toward minimization usually forces you toward cleaner, more direct signals, which is good for targeting accuracy as well as legal hygiene.
The audit question: for each custom field in your ESP or CRM, can you point to a live segment or automated flow that actually uses it? Fields that can't pass that test are candidates for deletion. Start with your data retention policy and work backward to which contact fields it governs. If you don't have a written retention policy, writing one is the first step.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.