Friday, May 25, 2018
There are many people with SKELETONS in their DATA Closets!
Accordingly to the definition of processing in article 4 of GDPR ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
To say it shortly - if you have the personal data - you process it accordingly to the definition of processing.
What are the consequences of this definition?
It means that you have to comply with different aspects of GDPR like security, notice provided to the data subject and having a legal basis for the processing.
If you plan to use external supplier to process the personal data you have to sign a Data Processing Agreement accordingly to the article 28 of GDPR.
Contributed by my dear friend Piotr Siemieniak based upon typical 'real life' responses in training sessions. See https://upsecure.pl/