Rock the OneTrust Certified Privacy Pro Exam 2025 – Privacy Pros, Prepare to Shine!

The choice that defines 'profiling' according to GDPR is centered on the concept of automated processing. Specifically, GDPR describes profiling as the automated processing of personal data to evaluate certain aspects of an individual, such as analyzing or predicting their personal preferences, behavior, or interests. This definition is significant because it pertains to how organizations can use data to make decisions about individuals without human intervention, which raises important privacy considerations.

Profiling can have implications for individuals, particularly regarding how data might be used to influence decision-making processes in areas like marketing, risk assessment, and even law enforcement. The GDPR sets forth regulations to ensure that individuals have rights related to profiling, including transparency about how their data is used and the ability to challenge the decisions made based on such profiling.

In contrast, options that refer to manual processing or a limited scope of data, such as focusing solely on financial data or creating user agreements, do not align with the GDPR's broader and more specific definition of profiling. Profiling inherently involves automated techniques rather than manual approaches, and it encompasses much more than just financial data—it includes a wide range of personal attributes and behaviors.