-
At the recent 2026 Global Summit hosted by the International Association of Privacy Professionals in Washington, D.C., one theme surfaced repeatedly across the conference sessions on privacy, AI governance, and cybersecurity law: data minimization. Although the topic had a dedicated session, it also came up as part of many other sessions throughout the conference.
At first glance, data minimization seems straightforward: collect only the data necessary for your specific intended purpose. But there are additional aspects that make this a key topic in the industry.
-
Current European law prohibits businesses from sending personal information about European citizens to companies in the United States (US) without specific contractual obligations to protect the privacy of the information. However, the current Data Privacy Framework (DPF) allows US companies that are “Certified” under the Framework to import and process personal data of European citizens without these contractual requirements.
-
The European Parliament and the Council of the European Union approved the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/279), which became enforceable on May 25, 2018. Because personal information, including health information, is collected during clinical trials, knowing and understanding the GDPR is critical for running clinical trials in the European Union. Penalties for infringements of specific provisions of the Regulation can reach up to 4% of a company’s total worldwide turnover (i.e., gross revenue).
-
Checklists. Some people hate them; some people love them. There have been whole books written about them. Some checklist fans say they live by their checklists. Cynics may see checklists as long, tedious, ineffective, bothersome, or just plain wrong. And, well, that’s sometimes true.
So what makes a good and effective checklist?