In terms of the GDPR, processing of personal data includes every stage of the data life cycle, from initial collection (whether or not collected from the data subject itself) to data destruction including data usage, access and transfers.
When processing personal data, arrangements should be in place to ensure that the following principles enshrined within the GDPR are being applied for all processing activities, including collection, storage and sharing of data:
Lawfulness, fairness and transparency
Confidentiality, accuracy and integrity
Storage limitation and Accountability