Lexicon > Data processing

IT Glossary

Data processing

Processing of personal data is any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by means of automated processes.

Thus, the collection, recording, organization, structuring, storage, modification, adaptation, retrieval, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection,anonymization, limitation, deletion or destruction of personal data is constituted.

Thus a data processing does not necessarily require the conservation of the data (live broadcast of captured images, biometric sensors…).

On the other hand, the mere storage of personal data does constitute processing of such data.

Data processing is not exclusively carried out electronically, so a paper file may also constitute processing of personal data and therefore be subject to the application of the GDPR if necessary.

However, operations involving data that are not personal in nature do not constitute data processing within the meaning of the GDPR.

In order to be lawful, data processing must have a specific purpose and a legal basis before it is carried out.

GDPR Point


“The processing of personal data should be designed to serve mankind.”

Recital 4 of the GDPR

Point of jurisprudence

The Council of State has considered, with regard to the use of video surveillance drones, that “the contested surveillance system […] which consists of collecting data, thanks to the capture of images by drone, transmitting them, in certain cases, to the command center of the police headquarters for real-time viewing and using them to carry out administrative police missions constitutes processing

Council of State, Order of May 18, 2020, No. 440442 and 440445

The Bouchara firm assists you in particular in :

  • Making your organization GDPRcompliant;
  • The drafting of data protection policies (privacy policy, computer charter …);
  • Documentation of your processing (register of processing activities, register of violations, privacy impact analysis, prior consultation…);
  • Obtaining certifications and adhering to codes of conduct;
  • The study of the legal feasibility of the implementation of a new personal data processing;
  • The drafting and transmission of your codes of conduct to the CNIL for approval;
  • Legal analysis of the compliance of your data processing, including data transfers outside the European Economic Area;
  • Drafting and negotiating your data processing agreements (DPA);
  • Drafting your Binding Corporate Rules (BCR) and Codes of Conduct;
  • Training and awareness of your employees.

We are also the external Data Protection Officer of many data processors and subcontractors.