-
Data protection covers whole data lifecycle: collection to erasure
-
GDPR understands data processing as all operations on personal data
-
Set of operations aimed at one purpose is a process (e.g. newsletter)
Once you know what personal data are, let’s talk about what happens with them. In older data protection laws, there was a notion of filing system to describe any structured set of personal data, such as software database, Excel spreadsheet or an archive.
But places where loads of personal data are stored are not the only area for possible breaches. Data must be protected through their whole lifecycle, from the moment when they are collected, until complete erasure. Many breaches occurred during transmission, by sending to wrong recipients, losing a data carrier or making data public without authorization. Also the ending phase of processing is vulnerable, as many organizations never erase data or still prefer rubbish bins over shredders – including their digital equivalents.
That is why the notion of data processing covers all operations on personal data. GDPR gives many examples of processing operations, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, alignment or combination, restriction, erasure or destruction.
Analyzing all processing operations separately could be an impossible task – that is why many experts define processes that cover all operations aimed at one purpose, such as recruitment, sales, customer service, newsletter, holding events, fleet management, relations with suppliers etc.
Next: GDPR staff training 6/17 – who processes personal data?
Table of contents:
GDPR staff training 1/17 – preview
GDPR staff training 2/17 – how do you approach data protection right now?
GDPR staff training 3/17 – why protect data at all?
GDPR staff training 4/17 – what are personal data?
GDPR staff training 5/17 – what is personal data processing?
GDPR staff training 6/17 – who processes personal data?
GDPR staff training 7/17 – how personal data should be processed?
GDPR staff training 8/17 – what are your roles & responsibilities?
GDPR staff training 9/17 – why the need to know principle is so important?
GDPR staff training 10/17 – what difference can you make?
GDPR staff training 11/17 – how do you approach data protection right now?
GDPR staff training 12/17 – why provide information on data processing?
GDPR staff training 13/17 – what is the sense of consents to data processing?
GDPR staff training 14/17 – what to include in and how to apply contracts?
GDPR staff training 15/17 – what to include in & how to apply contracts?
GDPR staff training 16/17 – how to handle data subject requests?
GDPR staff training 17/17 – wrap-up
Self-implement GDPR in 16 steps:
Complete data protection system – A-Z course & templates
