Certified Information Privacy Professional – Europe (CIPP/E) — Question 125

How does the GDPR now define “processing”?

Answer options

• A. Any act involving the collecting and recording of personal data.
• B. Any operation or set of operations performed on personal data or on sets of personal data.
• C. Any use or disclosure of personal data compatible with the purpose for which the data was collected.
• D. Any operation or set of operations performed by automated means on personal data or on sets of personal data.

Correct answer: B

Explanation

The correct answer is B because the GDPR specifically defines processing as any operation or set of operations performed on personal data. Option A is too narrow, as it only includes collecting and recording. Option C focuses on use or disclosure but does not encompass all processing activities. Option D limits processing to automated means, which is not the complete definition under GDPR.