Definitions around data processing

Data processing

To remember

Data processing is any operation involving personal data, regardless of the method used. For example, recording, organizing, storing, modifying, reconciling with other data or transmitting personal data.

Simple consultation of data is also considered processing.

A processing operation is therefore not just a file, a database or an Excel spreadsheet. It can also be a video surveillance system, a credit card payment system, a biometric recognition system, a smartphone application, and so on.

A paper file organized according to a filing plan, nominative paper forms or application files in alphabetical or chronological order are also considered as personal data processing.

The data controller

To remember

The data controller is the legal entity (company, administration, etc.) or natural person who determines the purposes and means of data processing, i.e. the purpose and the way in which it is carried out.

In practice, this is generally the legal entity (company, local authority, etc.) embodied by its legal representative (chairman, mayor, etc.).

The data processor

To remember

The data processor is the legal entity or a natural person, public authority, agency, or any other organization who processes personal data on behalf of a data controller.

For example, in the case of outsourcing or a contract with a third party.

The purpose of processing

To remember

The purpose of processing is the main aim of using personal data.

Data is collected for a well-defined and legitimate purpose, and is not further processed in a way incompatible with this initial purpose.

Examples: recruitment management, payroll management, customer management, satisfaction surveys, communication campaigns, etc.

Processing that differs from the initial objective cannot be carried out.