The GDPR applies to the processing of personal data wholly or partly by automated means, and processing other than by automated means of personal data that forms part of, or is intended to be part of, a filing system (whether physical or electronic).
‘Processing’ includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, disclosure, etc. of personal data.
