The use of your personal data by somebody else, such as a public authority or a private individual or entity, is called data processing.
Data processing includes all actions and activities concerning information about a person. Personal data processing is allowed only in specific situations and is listed exhaustively in the General Data Protection Regulation.
Data processing activities can include:
- data collection
- recording
- organisation
- storage
- updating
- rectification
- disclosure and otherwise making your data available to other persons
- deletion
An example of a data record and storage is the inclusion of your name, identity code and address in the Registry of Population of Estonia, so that public authorities can contact you where needed.
An example of data disclosure is where your employer disseminates a list which includes the date of birth and mobile phone numbers of other employees between employees.