There are many people with SKELETONS in their DATA Closets!
Brent Dreyer
AI Strategist | Author | Advisor | Healthcare & Marketing AI | Data-Driven Growth & Innovation
GDPR ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; To say it shortly - if you have the personal data - you process it accordingly to the definition of processing. What are the consequences of this definition? It means that you have to comply with different aspects of GDPR like security, notice provided to the data subject and having a legal basis for the processing. If you plan to use external supplier to process the personal data you have to sign a Data Processing Agreement accordingly to the article 28 of GDPR.
More GDPRtoons at https://www.GDPRtoons.com Contributed by my dear friend Piotr Siemieniak based upon typical 'real life' responses in training sessions. See https://upsecure.pl/
Solution Data Architecture, Data Governance, Helping Turn Data Chaos into Insight
6 年Just ask to be forgotten and see what hsppens!
Fashion and textile prints, Surface Pattern Designer, Author, Instructor
6 年Thanks Brent for your work in this area. The documents you have shared have been very useful and I appreciate your openness and spirit of sharing with the world. Awesome!
AI Strategist | Author | Advisor | Healthcare & Marketing AI | Data-Driven Growth & Innovation
6 年Hi John. there is no reference to Primary and Secondary personal information in the GDPR.? Article 9 addresses "Processing of special categories of personal data"? If it helps, personal information (data) is defined in Article 4 and Citation 30 makes reference to using the online identifiers to build a profile.? Article 4(1)? "‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; " (30)Natural persons may be associated with online identifiers provided by their devices, application' identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
Disambiguation Specialist
6 年Does GDPR make a distinction between *Primary* personal Information that can identity an individual directly and *Secondary* Information which by itself only identifies a Location (e.g. Street Address) but which *could* be used to uniquely identify an individual in association with another value?