What is “Processing” Personal Data?
Introduction
Hopefully you have read about what “Personal Data” is. If you haven’t already, it’s highly recommended you start there because it’s the very first part of building your data protection knowledge.
Let’s look at “Processing”. Another term that can be easily misunderstood.
“Processing” is extremely broad and it covers both active and passive things that can happen to personal data - from collecting to storing it and then deleting it. All of these things count as processing. The way to think of it is if you’ve got it (or are getting it) you are processing it.
Let’s take a look at some examples:
Why Process it?
Most likely you need to process personal data for a business reason. For example, you might have employees that you need to provide tools to so they can do their job. Or you might have customers that you want to track so you can understand what their procurement process is like. But there might be other reasons for your to process personal data that you don’t have a choice about like maintaining tax records for employee salary payments that you have made or because there is a legal process happening and you need to keep everything you have on it.
Active Processing
These are activities that require an action that be being done. For example, something like pulling up a record to view it, or perhaps, hitting the delete button to remove the data from your system. Both of these require an actual act on the relevant personal data field or group of fields.
Passive Processing
These are acts that happen to personal data that do not require an action being done. For example, storing personal data counts as processing even though nothing is actually happening to the personal data. There could also be transfers of the personal data from one system to another, or even to a supplier you have, that is completely automated and happens in the background. All of these, and more, count as “processing” which means that you need to comply with data protection laws.
Are you “Processing” personal data? Let’s check out some examples:
Customers and Personal Data
Every business has customers and it’s natural to want to hold onto every insight you can get to understand how they work. This might be to understand their procurement process or to develop your products and services.
Holding customer personal data counts as processing and as shown in this example, every step thats taken counts as processing.
Encryption and Personal Data
Developing software is immensely technical, a lot happens to all types of data and sometimes these processes can take place in less than a second. This is why it’s important to understand what “processing” is and to document them.
In this scenario, the developer thinks that encryption means the personal data is no longer personal data. This isn’t true at all and so even if we try to secure the personal data, it doesn’t change the nature of it. As a result, the personal data is being transferred from one system to another which means that the Developer must comply with data protection laws.
So what’s next?
If you want a super quick video on what “Processing” is, check out Puja our Founder explaining it on Instagram or LinkedIn within 60 seconds.
You now know you’re processing personal data, the next step is to figure out whether what you are doing is even allowed under data protection laws. Want to know more? Stay tuned!
