Data Processing

Any operation or set of operations performed on personal data, whether by automated means or not. Under GDPR Article 4(2), processing includes virtually any action: collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction. Essentially, if you're doing anything with personal data, you're processing it. This broad definition means that merely viewing data on a screen constitutes processing, as does storing data without actively using it. Understanding that all activities involving personal data are 'processing' helps clarify that all such activities must have lawful basis, comply with privacy principles, and respect data subject rights. Organizations must document their processing activities, assess risks, implement appropriate safeguards, and ensure accountability for all processing operations.