Data processing: introduction and explanation

Data processing: definition

The fourth article of the new European legislation ( GDPR ) describes data processing as follows:

“any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

In order to be lawful, data processing must have suitable juridical grounds and the Supervisory Authority recommends a Record of the processing activities (even though this document is not mandatory).

There are several steps that data undergo, here we can see the whole process described in details.

Data processing: operations

As we previously mentioned, data usually follow a path and undergo several operations, such as:

  • Gathering: the initial phase of the data processing. It is a simple and obvious step during which data are gathered;
  • Registration: this phase implies the storage of the data;
  • Organization Structuring: the first one represents the classification of the data while the second one implies the distribution following a precise pattern;
  • Storage: it includes saving the data no matter what the devices is;

However, these are not the only operations that concern data. As a matter of fact, data can be subject to:

  • Consultation: it consists in reading the personal data;
  • Modification: this change can relate to small part of the data;
  • Elaboration: whenever data undergo a significative modification;
  • Selection: choosing some data within already stored groups of data;
  • Extraction: every time data are extrapolated;
  • Confrontation;
  • Interconnection: using more than one data set;
  • Communication: communicating the personal data to someone different from the data subject;
  • Disclosure: whenever a not-identified third party in any shape or form has at his disposal the data;
  • Erasure: the elimination of the data;
  • Distruction: the final activity of this circle, whenever data no longer exist.
Start your Free Trial!

in collaboration with
CISCO

Data processing: the data

Every data processing must be carried out in a lawful way, the purposes of the data processing must be legitimate, precise and explicit.

In addition, the processed data must be correct and up to date, stored for a reasonable timeframe (that cannot exceed the purpose of the data processing itself). Obviously, it is not possible to use data gathered in an illecit way.

Swascan: GDPR approach

In order to help companies during their compliance process, Swascan developed a unique tool. Swascan GDPR Self-Assessment allows companies to test their compliance level (in addition to the overall compliance index, there is a specific index for each GDPR thematic area). In addition, Swascan platform provides a concrete action plan with the actions to implement in order to meet the GDPR requirements. Clicking on the button below, there is the chance of starting a free trial of the GDPR Self-Assessment:

Start your Free Trial!

in collaboration with
CISCO

Following a fac simile of the final report:

Data processing

Swascan

In order to assure to your business the best tool available, Swascan together with Raoul Chiesa ( Raoul Chiesa interview ) developed a special cybersecurity platform. It is completely in Cloud, Pay per Use and SaaS. You can see for yourself in our brochure: Cybersecurity platform and have an in-depth look at our services. Our four services cover all the governance needs in terms of risk management and periodic assessment. Basically, the right tools to understand your focus areas are Vulnerability Assessment, Network Scan, Code Review and GDPR Assessment. Last but not least, don’t forget GDPR: our platform is 100% GDPR compliant ( GDPR infographic ) and to provide a full documentation here you can find some information about the new figure introduced by this law: DPO .