The GDPR defines 'processing' as any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Article 5 states that personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
Some examples of the purposes (or reasons) for processing:
- sales of goods or services
- recruitment of employees
- student enrollment
- collation for submission to an industry body
- monitoring of individuals through CCTV
- fraud detection and prevention
In the GDPR compliance app, you will be prompted to select all data subject types relevant to your organisation and then to determine the purpose(s) for processing of personal data of each data subject type.
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018