How would you handle address data privacy in GDPR contexts?

• A. Store all possible data forever for compliance.
• B. Minimize data collection, support deletion/anonymization, proper access controls, and allow data subject rights processes.
• C. Share data with third parties freely to improve services.
• D. Only encrypt data at rest; ignore access controls.

Answer: (B)

In GDPR contexts, protecting address data hinges on limiting what you collect, how long you keep it, and who can access it, while empowering individuals with control over their information. The best approach is to collect only what’s truly necessary for a stated purpose, retain data only as long as needed (and then anonymize or erase it when appropriate), and enforce strong access controls so that only authorized people can process the data. You should also provide clear processes for data subjects to exercise their rights—access, correction, deletion, portability, and objections or restrictions—with transparent timelines and support.

This combination directly supports GDPR principles like data minimization, storage limitation, and data subject rights, and it helps demonstrate accountability and responsible handling of personal data. By contrast, storing data forever contradicts storage limits, freely sharing data with third parties without proper basis undermines consent and lawful processing, and focusing only on encryption without solid access controls neglects the broader requirements for secure, accountable data handling.