Purpose for processing

Overview

  • Your purposes for processing is the reasons (purposes) why you use or store (process) personal information.
  • You are required to be clear and open about your purposes for obtaining personal information and document them in your privacy information for individuals
  • You may have multiple purposes for processing
  • If you are processing information for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, your purpose for processing does not need to be compatible for with the original purpose for which it was captured. However, safeguards such as data minimisation must be observed.

Example

people123.png agenda_1.png info2.png
A customer contacts your company for a quote.

You need to store their information so as to provide a quote

You are now processing their information for the purpose of providing goods and services (or a quote)

Here are some more examples of different purposes for processing personal information:

  • Payroll (ensuring that wages are calculated and paid correctly
  • Reimbursement of costs
  • Recruitment and selection
  • Staff administration
  • Management of personnel and intermediaries (performance appraisals, follow-up, training and career)
  • Work planning
  • Time registration
  • Insurances
  • Pension plan
  • Education
  • Employee monitoring
  • Site security
  • Access control
  • Video surveillance
  • Occupational risk prevention
  • Profiling
  • Automated decision-making
  • Client accounting
  • Fiscal and administrative management
  • Provision of financial solvency and creditworthiness services
  • Economic-financial services
  • Direct marketing
  • E-commerce
  • Advertising and commercial research
  • Electronic communication services
  • Provision of electronic certification services
  • Cultural, sports and social activities management
  • Statistical, historical or scientific purposes
  • Dispute management
  • IT services (e.g., PaaS, SaaS, IaaS) (e.g. hosting of a website, off-line data processing, cloud services, or similar)
  • Compliance with local legislation (e.g. fraud detection, investigation)

What the regulator says

GDPR: Principles relating to the processing of personal data - Article 5 (1b)

Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

GDPR: Safeguards and derogations- Article 89(1)

Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject.

References