Processing of personal data
Processing of personal data refers to everything that can be done with a piece of data. For example, processing includes simply storing or viewing data. GDPR identifies 16 types of personal data processing.
- Collection
Typically represents the first processing action and involves acquiring the data itself. - Recording
Involves storing the data on any medium. - Organisation
Classification of data according to a specific criterion. - Structuring
Distribution of data based on certain schemes. - Storage
Keeping data stored on any medium, including paper. - Consultation
Simply viewing personal data, even accidentally or without a specific purpose. - Alteration
Refers to changing personal data, even in a minimal way.- Processing
A specific case of modification, representing a process by which personal data undergoes substantial changes. - Selection
Identifying personal data within groups of data already stored.
- Processing
- Extraction
Extracting data from already stored groups. - Alignment
Comparing data, which may be a consequence of processing, selection, or consultation. - Use
A generic activity that may represent any type of use of personal data. - Combination
Using multiple databases through electronic tools. - Restriction
Temporarily suspending any processing of data except for storage. - Disclosure
Sharing or disclosing personal data to one or more specific entities other than the data subject, data controller, processor, and authorized individuals.- Transmission
An extension of communication, representing the transfer of entire databases to other entities, such as in the case of selling or purchasing data lists or when one company acquires or succeeds another.
- Transmission
- Dissemination
Making personal data available in any form and manner, whether voluntarily or not, to unspecified individuals. An example is publishing a photograph online, which without the data subject’s consent remains unlawful processing. - Erasure
Deleting data using electronic tools. - Destruction
The activity of permanently deleting data from any medium.
Every processing of personal data must comply with the principles defined by the Regulation (Article 5):
- Lawfulness
Processing must comply with the Regulation, rely on a legal basis, and, if required, be based on the data subject’s consent. - Fairness
The final outcome of the processing must be correct. - Transparency
The data subject must be informed about the processing of their data and has the right to request access to it at any time. - Purpose Limitation
Current and future processing must be limited to the purpose for which it is related. - Data Minimisation
Data must be “adequate, relevant, and limited to what is necessary for the purposes for which they are processed.” Therefore, unnecessary data must not be collected or processed. Where possible, for the achievement of the purpose, anonymized or pseudonymized data should be used. Data minimization must be ensured from the design of the processing itself (Privacy by Design and by Default). - Accuracy
Data must be accurate, updated, and corrected if incorrect. This obligation does not authorize the data controller to access new information in order to update previously collected data. - Storage Limitation
Data has an expiration date depending on the purpose for which it is processed, beyond which it must be deleted. Alternatively, data may be anonymized, losing its characteristic of being “personal.” - Integrity and Confidentiality
Adequate security of the collected and processed personal data must be ensured.
Legal, ICT, marketing: comprendiamo le tue necessità
Vogliamo sollevarti dai grattacapi nella gestione di consensi e privacy dei clienti.
