What does “to process” personal data mean?

Those of you who have had the opportunity to be part of any audit concerning personal data protection at some stage must have heard the question “What kind of personal data do you process in your daily work?”. Speaking of, what kind? The mere word “process” is usually associated with some activity. We are unlikely to doubt that we process personal data when (for example) we collect such data from job candidates (asking them to complete the recruitment form), when we call a potential customer to present a commercial offer or when we correct the data provided by the contractor.

What happens, nonetheless, when our contact with personal data is more passive in nature? For instance, when do we know that the data is in a system to which we have access, or when the data is transferred for secure removal to an external company dealing with document disposal?

Think about the following case. What do you think, has XYZ carried out any sort of personal data processing activities?

Case study

Edward, a man in his 60s, actively looking for a job, came to XYZ. He left his CV with a cover letter at the reception. Unfortunately, it so happened that XYZ did not need anyone for the position Edward would like to apply for. The receptionist ignored Edward’s candidacy and she put his CV and letter in a drawer. The documents had been kept in the drawer for almost 4 years until a new receptionist came to the company. He found the CV in the desk of his predecessor while cleaning it up and, not knowing what to do with it, threw it into a shredder.

If you believe that XYZ has been processing data in this case, then you are right.

Conclusions?

Many times you may have thought that you were not processing personal data when, in fact, it was exactly the opposite. Not only may your organization pay for the consequences of wrong processing, but also you – indirectly. That is why it is so important that we know not only what personal data is, but also in what situations its processing is the case. If you are wondering whether or not you are processing personal data and you do one of the following:

  • you store data in binders, in your desk, on a desktop, in an email mailbox,
  • you destroy documents containing personal data in a shredder,
  • you have access to the system in which personal data is processed, despite the fact that you enter it only in extreme situations (e.g. in the case of maintenance activities in the application supplied to the customer),

- the answer is – “yes” :)

Czytaj także:

Najczęstsze błędy przy zawieraniu umów powierzenia
Administratorem Twoich danych jest ODO 24 sp. z o.o. z siedzibą w Warszawie (03-812) przy ul. Kamionkowskiej 45. Twoje dane są przetwarzane w celu świadczenia usługi biuletyn informacyjny na zasadach określonych w Regulaminie ŚUDE. Więcej informacji na temat procesu przetwarzania danych osobowych oraz przysługujących Ci praw uzyskasz w Polityce prywatności.
Potwierdź swój adres e-mail
Wejdź na swoją skrzynkę pocztową, otwórz wiadomość od ODO 24 i potwierdź adres e-mail, klikając w link.
Jeżeli nie znajdziesz naszej wiadomości - sprawdź w folderze SPAM. Aby w przyszłości to się nie powtórzyło oznacz wiadomość jako pożądaną (klikniknij prawym przyciskiem myszy i wybierz "Oznacz jako wiadomość pożądaną").
Odbierz bezpłatny pakiet 4 poradników
i 4 szkoleń e-learningowych RODO
4x4 - Odbierz bezpłatny pakiet 4 poradników i 4 szkoleń RODO
Administratorem Twoich danych jest ODO 24 sp. z o.o. z siedzibą w Warszawie (03-812) przy ul. Kamionkowskiej 45. Twoje dane są przetwarzane w celu świadczenia usługi biuletyn informacyjny na zasadach określonych w Regulaminie ŚUDE. Więcej informacji na temat procesu przetwarzania danych osobowych oraz przysługujących Ci praw uzyskasz w Polityce prywatności.
Administratorem Twoich danych jest ODO 24 sp. z o. o. >>>