Data processing includes all actions and activities concerning information about a person. Personal data processing is allowed only in specific situations and is listed exhaustively in the General Data Protection Regulation.

Data processing activities can include:

data collection
recording
organisation
storage
updating
rectification
disclosure and otherwise making your data available to other persons
deletion

An example of a data record and storage is the inclusion of your name, identity code and address in the Registry of Population of Estonia, so that public authorities can contact you where needed.

An example of data disclosure is where your employer disseminates a list which includes the date of birth and mobile phone numbers of other employees between employees.

Resources

Law 2

Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

In force as of 27 April 2016
Articles 4 (2), 5-6, 9-10

Read regulation

Personal Data Protection Act

In force as of 15 January 2019

Read law

Case Law 1

Amann v. Switzerland

European Court of Human Rights
16 February 2000

Read full judgment

Other 1

Handbook on European data protection law

2018 edition
Joint publication by the EU Agency for Fundamental Rights and the Council of Europe

Read document

Human Rights Guide

A European platform for human rights education