Data processing: introduction and explanation

Data processing: definition

The fourth article of the new European legislation ( GDPR ) describes data processing as follows:

“any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

In order to be lawful, data processing must have suitable juridical grounds and the Supervisory Authority recommends a Record of the processing activities (even though this document is not mandatory).

There are several steps that data undergo, here we can see the whole process described in details.

Data processing: operations

As we previously mentioned, data usually follow a path and undergo several operations, such as:

  • Gathering: the initial phase of the data processing. It is a simple and obvious step during which data are gathered;
  • Registration: this phase implies the storage of the data;
  • Organization Structuring: the first one represents the classification of the data while the second one implies the distribution following a precise pattern;
  • Storage: it includes saving the data no matter what the devices is;

However, these are not the only operations that concern data. As a matter of fact, data can be subject to:

  • Consultation: it consists in reading the personal data;
  • Modification: this change can relate to small part of the data;
  • Elaboration: whenever data undergo a significative modification;
  • Selection: choosing some data within already stored groups of data;
  • Extraction: every time data are extrapolated;
  • Confrontation;
  • Interconnection: using more than one data set;
  • Communication: communicating the personal data to someone different from the data subject;
  • Disclosure: whenever a not-identified third party in any shape or form has at his disposal the data;
  • Erasure: the elimination of the data;
  • Distruction: the final activity of this circle, whenever data no longer exist.


Data processing: the data

Every data processing must be carried out in a lawful way, the purposes of the data processing must be legitimate, precise and explicit.

In addition, the processed data must be correct and up to date, stored for a reasonable timeframe (that cannot exceed the purpose of the data processing itself). Obviously, it is not possible to use data gathered in an illecit way.

Swascan: GDPR approach

In order to help companies during their compliance process, Swascan developed a unique tool. Swascan GDPR Self-Assessment allows companies to test their compliance level (in addition to the overall compliance index, there is a specific index for each GDPR thematic area). In addition, Swascan platform provides a concrete action plan with the actions to implement in order to meet the GDPR requirements. Clicking on the button below, there is the chance of starting a free trial of the GDPR Self-Assessment:


Following a fac simile of the final report:

Data processing


In order to assure to your business the best tool available, Swascan together with Raoul Chiesa ( Raoul Chiesa interview ) developed a special cybersecurity platform. It is completely in Cloud, Pay per Use and SaaS. You can see for yourself in our brochure: Cybersecurity platform and have an in-depth look at our services. Our four services cover all the governance needs in terms of risk management and periodic assessment. Basically, the right tools to understand your focus areas are Vulnerability Assessment, Network Scan, Code Review and GDPR Assessment. Last but not least, don’t forget GDPR: our platform is 100% GDPR compliant ( GDPR infographic ) and to provide a full documentation here you can find some information about the new figure introduced by this law: DPO .

Data controller: explanation of the figure and duties
CyberSecurity for SMBs: an issue to face as soon as possible

Cyber Incident Swascan Emergency

Contact us for immediate support

The undersigned, as data subject, DECLARES that I have read and understood the content of the privacy policy pursuant to Article 13, GDPR. AGREE to the processing of data in relation to the sending by the Data Controller of commercial and / or promotional communications relating to (i) own products / services, or (ii) products / services offered by third parties.
The consent given may be revoked at any time by contacting the Data Controller at the addresses provided in the aforementioned privacy policy.