
Glossary of key terms and principles related to the General Data Protection Regulation (GDPR)

Personal Data: Any information relating to an identified or identifiable natural
person. This includes names, addresses, email addresses, and more.

Data Subject: The individual to whom the personal data relates. In most cases, this
is the person whose data is being processed.

Data Controller: An entity (organization or individual) that determines the purposes
and means of processing personal data.

Data Processor: An entity that processes personal data on behalf of the data
controller. They act under the authority of the data controller and must follow their
instructions.

Data Protection Officer (DPO): A person or role within an organization responsible
for ensuring GDPR compliance and assisting with data protection matters.

Consent: Freely given, specific, informed, and unambiguous indication of a data
subject's wishes by which they agree to the processing of their personal data.

Data Portability: The right for data subjects to receive their personal data in a
structured, commonly used, and machine-readable format and to transmit that data
to another controller.

Right to Access: Data subjects have the right to obtain confirmation from the data
controller as to whether their personal data is being processed and, if so, access to
that data.

Right to Erasure (Right to be Forgotten): Data subjects can request the deletion
of their personal data when certain conditions are met, such as when the data is no
longer necessary for the original purpose.

Data Minimization: A principle requiring that organizations only collect and
process personal data that is strictly necessary for the intended purpose.

Data Protection Impact Assessment (DPIA): An assessment carried out to identify
and mitigate the risks associated with processing personal data, especially for
high-risk activities.

Privacy by Design and Default: An approach that calls for data protection to be an
integral part of systems and processes, from their inception and by default, rather
than added on later.

Data Breach: A security incident where personal data is compromised, disclosed,
or accessed without authorization. GDPR requires reporting certain data breaches to
supervisory authorities.

Privacy Policy: A document that outlines an organization's data processing practices
and informs data subjects about how their data is collected, used, and protected.

Accountability: A fundamental GDPR principle that requires data controllers to
demonstrate their compliance with the regulation, including keeping records of data
processing activities.

Cross-Border Data Transfers: When personal data is transferred outside the
European Economic Area (EEA), additional safeguards may be required to ensure
GDPR compliance.

Legitimate Interest: A legal basis for processing personal data, provided it is
necessary for a legitimate purpose and does not infringe on the rights and interests
of data subjects.

Supervisory Authority: Independent public bodies responsible for enforcing data
protection regulations within each EU member state.

Data Subject Rights: GDPR grants data subjects various rights, including the right
to be informed, the right to rectification, and the right to object to data processing.

Sensitive Personal Data: Special categories of personal data, such as racial or
ethnic origin, political opinions, religious beliefs, health data, and biometric data,
which are subject to stricter protection.
