Which of the following is a core principle of GDPR?

Data minimization is indeed a core principle of the General Data Protection Regulation (GDPR). This principle mandates that organizations should only collect and process personal data that is necessary for the specific purposes they have identified. It emphasizes the need to limit data collection to what is directly relevant and necessary, thereby reducing the potential risk to individuals' privacy and safeguarding their rights.

This principle aligns with the GDPR's overarching goal of protecting personal data and ensuring that individuals have control over their own information. By adhering to data minimization, organizations can help prevent excessive data collection and mitigate potential privacy breaches, which reinforces trust between data subjects and data processors.

The other choices—unlimited data retention, lack of required informed consent, and unrestricted surveillance—do not align with GDPR principles. The regulation explicitly requires that data retention be limited to what is necessary, that informed consent is a necessary component for lawful processing in many cases, and that any surveillance must be proportionate and respect the rights of individuals.