Share on social networks!

Optimization of personal data processing

With this idea, we refer to a fundamental activity in any entity whose purpose is to continually improve the effectiveness and efficiency in data protection, focusing in this post on those of a personal nature.

Being essential for the admission of any measure of dynamic responsibility, analyze the activity of the treatment, divide in its phases, determine the treatment operations carried out in each of them, know the particularities of each phase and optimize it.

optimization of personal data processing

Tasks to do

For the optimization of personal data processing, a series of activities must be carried out, which in some way will be carried out in parallel:

∙     TREATMENT ANALYSIS: The person responsible must review treatment which aims to be carried out extensively, not just considering the treatment as a black box.

Therefore, it will be necessary identify within it, those particular operations that are carried out and relationship between them. These operations may form part of a treatment, and be of interest for data protection, since they are defined in a non-exhaustive manner, in the article 4.2 of the General Data Protection Regulation.

Treatment activities are organized into phases that implement operations. However, there is the possibility that in a processing, there may be phases that do not process personal data so that, in principle, these phases would be transparent from a security point of view.

The implementation of operations in each phase in which the treatment is structured can be carried out with organizational measures and/or technical elements, inserted through developed components for that treatment or through adaptations of ad-hoc developments of other treatments. 

Therefore, it will be unavoidable to critically review each phase and its objective to implement one of the fundamental principles of data protection and security, the data minimization principle”.

∙     USE CASES: We must keep in mind that, just as we can find simple and linear treatments, in which the default adjustment options are very limited, we must also we can find complex treatments that can provide different functionalities to adapt to users of different profiles with specific needs.

Therefore, the configuration of the service can be subject to different circumstances: normal or Premium services, adaptation to a minor, adult or senior public...

In this sense, by virtue of the type of service that the user requires or that the person responsible intends to offer, it will be necessary to collect and process both personal information and information that is not personal.

Likewise, it should be said that, in no case can it be deny access to a service simply because the user has opted for a restrictive setting in relation to the amount of data processed or the extent of the processing.

∙    RELATIONSHIPS BETWEEN TREATMENTS: In relation to this aspect, in an entity there may be various treatments with access to the same data sets and make use of common data collection, processing or communication services.

This can either be produced by components that implement shared operations between treatments that in many cases are inherited; or by the implementation of apps on mobile systems.

Therefore, the person responsible must examine each treatment within the framework of the corresponding organization to recognize the adjustment needs on the common services applicable to the different treatments: determine the minimum data necessary for each treatment, regardless of those available, perform a logical and/or physical separation of personal data used in each treatment or manage access rights according to each treatment, among others.

∙      TREATMENT ADAPTATION: Like the previous activities, it is equally important to mention the study of the stages of treatment, for each of the use cases defined by the person responsible, and determine the need for phase, in order to be able to deduce whether it would be avoidable from the point of view of the processing of personal data, the applicable minimization, the conservation period during which it is necessary to retain personal data, as well as other aspects of equal magnitude.

How does studying a Master in Data Protection benefit?

To carry out this purpose, the new approach proposed by the General Data Protection Regulation, proposes to study the entire life cycle of a data:

kKKfl5x9y2ay txZK8ddcg Bqlm9HBHytBTSntVEOoKZpVtN6N6uiFWqG0P08Ce18thazHFjJxirLz dUTje2fohf4hBorfUB2apLnljg4htpQKxJy2Ht3W8xW8DP6QNb9O2VOUq9mdkeaqC Q

This approach further ensures that Personal data will begin to be studied and protected from its initial phase, beginning to study not only the data, but also its different treatments, which is done through a risk analysis.

The study of data life cycle It is not easy, studying a Master in Data Protection, will give you the necessary knowledge to understand each of the phases and thus guarantee that the proposed security measures cover the data from capture/creation to its destruction or blocking.

Master in Compliance and Data Protection Management at the International Graduate School

Subscribe to our newsletter to stay up to date with all the news

Basic information on data protection.
Responsible for the treatment: Mainjobs Internacional Educativa y Tecnológica SAU
Purpose: Manage your subscription to the newsletter.
Legitimation for processing: Explicit consent of the interested party granted when requesting registration.
Transfer of data: No data will be transferred to third parties, except under legal obligation.
Rights: You may exercise the rights of Access, Rectification, Deletion, Opposition, Portability and, where applicable, Limitation, as explained in the additional information.
Additional information: You can consult additional and detailed information on Data Protection at https://www.mainfor.edu.es/politica-privacidad
Blog Master Dpo

Leave a comment