Final answer:
The GDPR mandates that personal data must be 'not excessive' in relation to the processing purposes. This is in line with data minimisation principles to protect personal information.
Step-by-step explanation:
The GDPR states that "personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed." The correct answer is A: Not excessive. This principle is part of the GDPR's data minimisation requirement, ensuring that no more personal data is processed than is necessary for the given purposes. This reflects the EU's commitment to protect individuals' data and limit the collection and processing of personal data to what is strictly required.