The purpose of data processing according to ENISA is to ensure the secure and lawful handling of personal data. Data processing involves any operation or set of operations performed on personal data, among others, collection, storage, retrieval, use, disclosure, and erasure. Some obectives for data processing are the following:
Protecting Privacy and Data Subjects' Rights: ENISA emphasizes the importance of safeguarding individuals' privacy rights and ensuring that their personal data is processed in accordance with applicable data protection laws, such as the General Data Protection Regulation (GDPR) within the EU.
Ensuring Data Security: ENISA promotes measures and best practices to secure personal data from unauthorized access, disclosure, alteration, or destruction. This includes the implementation of technical and organizational measures to prevent data breaches and cyberattacks.
Supporting Legitimate Data Uses: Data processing should be carried out for specific and legitimate purposes and not used for any incompatible or unlawful purposes. ENISA stresses the importance of obtaining explicit and informed consent from data subjects when necessary.
Ensuring Data Accuracy and Integrity: ENISA highlights the significance of maintaining accurate and up-to-date personal data and preventing its alteration or corruption during processing.
Promoting Accountability and Transparency: Data controllers are responsible for complying with data protection regulations and must be transparent about their data processing practices. This includes informing data subjects about the purposes of processing and their rights regarding their data.
Supposing an SME processes customers’name, postal and/or email address in the context of its e-commerce platform, the same data may be processed by the SME for marketing (offers, newsletters). Still, the two processing operations, due to their distinct purposes, may present different types of risks that need to be specifically addressed.
Publication: ENISA