Glossary of Key Terms and Principles Related to the General Data Protection Regulation (GDPR)
Data Subject: The individual to whom the personal data relates. In most cases, this
is the person whose data is being processed.
Data Processor: An entity that processes personal data on behalf of the data
controller. They act under the authority of the data controller and must follow their
instructions.
Data Portability: The right for data subjects to receive their personal data in a
structured, commonly used, and machine-readable format and to transmit that data
to another controller.
Right to Access: Data subjects have the right to obtain confirmation from the data
controller as to whether their personal data is being processed and, if so, access to
that data.
Right to Erasure (Right to be Forgotten): Data subjects can request the deletion
of their personal data when certain conditions are met, such as when the data is no
longer necessary for the original purpose.
Data Minimization: A principle requiring that organizations only collect and
process personal data that is strictly necessary for the intended purpose.
Privacy by Design and Default: An approach that calls for data protection to be an
integral part of systems and processes, from their inception and by default, rather
than added on later.
Data Subject Rights: GDPR grants data subjects various rights, including the right
to be informed, the right to rectification, and the right to object to data processing.
Sensitive Personal Data: Special categories of personal data, such as racial or
ethnic origin, political opinions, religious beliefs, health data, and biometric data,
which are subject to stricter protection.