Which of the following is a key principle of GDPR?

Data minimization is a key principle of the General Data Protection Regulation (GDPR) that emphasizes the importance of collecting only the data that is necessary for a specific purpose. This principle is designed to protect individuals' privacy by limiting the amount of personal data collected and processed by organizations. By focusing on necessity, GDPR encourages businesses to be more responsible with the data they handle, ensuring that they do not collect or retain more information than needed for their operations. This approach not only helps to minimize risks associated with data breaches but also aligns with the rights of individuals to have their data handled responsibly and ethically.

In contrast, the other options focus on practices that are not in alignment with GDPR principles, such as unlimited data retention, which contradicts the regulation's requirement for data to be kept only as long as necessary; universal data sharing, which may conflict with the need for consent and control over personal data; and data ownership by third parties, which goes against the individual’s rights to their personal information as defined by GDPR.