Processing (Data Processing)

Any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, restriction, erasure, or destruction. Under GDPR Article 4(2), processing is defined extremely broadly to encompass virtually any handling of personal data. This comprehensive definition means that almost any interaction with personal data—from simply viewing it to complex analytical operations—constitutes processing and must comply with data protection principles. The broad scope ensures protection throughout the data lifecycle and prevents organizations from claiming certain activities fall outside regulatory requirements. Each processing operation requires a lawful basis under GDPR Article 6 (or Article 9 for special categories), and controllers must document processing activities, implement appropriate security measures, and respect data subject rights throughout all processing operations.