The working party emphasizes that the GDPR defines profiling as automated processing of data to analyze or to make predictions about individuals; meaning that “simply assessing or classifying individuals based on characteristics” could be considered profiling, with or without predictive purpose. Three ways of using profiling are identified in the GDPR: 1) General profiling. 2) Decision-making based on profiling. 3) Solely automated decision-making, including profiling.

Working Party

The guidelines define profiling as a “procedure which may involve a series of statistical deductions … often used to make predictions about people” and analyzes Article 4(4) of the GDPR’s definition as describing three stages of processing that qualify: 1) An automated form of processing. 2) Carried out on personal data, 3) For the objective of evaluating personal aspects about a natural person.


The UK GDPR has provisions on: automated individual decision-making (making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process. The UK GDPR applies to all automated individual decision-making and profiling.


Dari penjelasan diatas, dapat uraikan bahwa profiling adalah sebuah bentuk pemresesan Data Pribadi secara otomatis yang digunakan dalam rangka mengevaluasi aspek tertentu terhadap seseorang.