Home

Data processing

Data processing

MODULE CONTENTS

This module defines what a processing operation is: all the operations carried out on a data item, from collection to simple conservation. It then sets out the legal bases on which all processing must be based in order to comply with the law. A focus is made on consent. This module consists of a 3-minute motion design followed by a quiz to validate the learners' knowledge.

PEDAGOGICAL OBJECTIVES

  • Understanding the diversity of treatment
  • Know how to define a treatment
  • Understanding what a legal basis is
  • Know the 6 legal bases
  • Know the conditions for obtaining consent

What is a treatment?

The European Regulation defines processing as any operation or set of operations, whether computerised or manual, carried out on personal data: collection, recording, consultation, communication, dissemination, deletion, etc.

In fact, anything that affects data, even simple storage, is considered as processing, whether for the management of staff, suppliers, customers...

The number of companies that have to process data is therefore staggering!

And the GDPR is there to provide a framework for all these operations.

Because all data processing must be legal!

And to be legal, all processing must be based on at least one of the 6 legal bases provided by the European Regulation:

1. The execution or negotiation of a contract such as the management of credit contracts.

2. The legal obligation, such as the fight against money laundering, or the processing of employee data imposed by the Labour Code.

3. Safeguarding the vital interests of a person incapable of giving consent, as in the case of organ research.

4. The pursuit of legitimate interests of the enterprise, such as the security of persons, networks and information or processing for statistical purposes . However, this requires that people be informed and be able to oppose it if necessary.

5. The performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, such as during a police investigation.

6. The "free and informed" consent of the person, which must be informed in a very clear manner and understood by everyone. No more vague wording or wording requiring a long career as a lawyer! Exit also the pre-ticked boxes and default consent!

Let's add a few more details. They are important...

  • Consent must be collected separately from the general terms and conditions of sale.
  • The person must be able to withdraw consent easily and unconditionally.
  • Consent must be stored in order to prove to the Control Authority that it has been collected.