The organization must identify different processing situations in which it may be necessary to limit the processing of personal data and the amount of personal data in relation to their purposes. This may include e.g. removal of data allowing identification and other data processing limitation techniques.
The organization should determine and document the restriction goals for data processing and the mechanisms used to implement the goals.