Data minimisation is a fundamental principle under the GDPR. It means that you only should collect and process personal data that is absolutely necessary to fulfil your purpose. You need to implement internal procedures and routines to review this on a regular basis.