🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

GDPR: The purposes of processing

Home GDPR: The purposes of processing

The notion of purpose is central in matters of personal data protection. Knowing the purpose of processing means answering the question: why do I use this data? What are they for me? In other words, the purpose of processing is the objective pursued by the latter, its reason for being.

For example, on a merchant site, you must collect your customer's postal address in order to deliver their order to the right place. The purpose of processing this data is therefore to ensure delivery correctly.

The response to the survey: Is it obligatory to determine the purpose of processing to keep your register?

During a survey carried out on November 30 on our LinkedIn page, we asked you whether it is obligatory to determine the purpose of processing to keep your register.

You were strong! Out of 205 voters, 97% of you voted yes. This is indeed the correct answer, it is obligatory.

Indeed, the GDPR requires the company to determine the purpose of each of its data processing operations before implementing them. This ensures the lawfulness and legitimacy of the processing.

According to the CNIL: "The data is collected for a specific and legitimate purpose and is not subsequently processed in a manner incompatible with this initial objective. This principle of purpose limits the way in which the data controller can use or reuse this data in the future. "  

Obligations to define the purposes of data processing

The purpose of the processing must be determined from the design of the project which involves processing personal data. Then, you must enter this purpose in your processing register. It must meet 4 criteria communicated by the CNIL:

1. The purpose must be determined, legitimate and explicit. The objective pursued by the processing must be clear and understandable by everyone and in line with the activities of your company.

2. The purpose must be respected, that is to say that the processing cannot be used for purposes other than those defined beforehand.

3. The data used must be necessary for the company's activity. The purpose of the processing must be relevant to your company's obligations.

4. The purpose of the data processing will determine the retention period which will be more or less long.

Simply identify your processing purposes with Data Comply One (formerly Mission RGPD)

Are you having trouble identifying your goals? You don't have time to think about and concretely set up your treatment register? Or do you lack the means to be compliant?

With Data Comply One (formerly Mission RGPD), you simply identify the purposes and sub-purposes of your processing. Thanks to our pre-filled templates, you will find writing proposals

purposes and sub-purposes ready to be used. You can obviously modify them if necessary and even create your own templates.

Don't waste any more time, it's so simple!

Request a demo
Other articles
on the same subject