GDPR Terminology

Data Controller – the entity that determines the purposes, conditions and means of the processing of personal data

Data Processor – the entity that processes data on behalf of the Data Controller

Data Portability – the requirement for controllers to provide the data subject with a copy of his or her data in a format that allows for easy use with another controller

Data Erasure – also known as the Right to be Forgotten, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data

Data Protection Authority – national authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the Union

Data Subject – a natural person whose personal data is processed by a controller or processor

Encrypted Data – personal data that is protected through technological measures to ensure that the data is only accessible/readable by those with specified access

Filing System – any specific set of personal data that is accessible according to specific criteria, or able to be queried

Genetic Data – data concerning the inherited or acquired characteristics of an individual that give unique information about the health or physiology of that individual

Personal Data – any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person

Personal Data Breach – a breach of security leading to the accidental or unlawful access to, destruction, misuse, etc. of personal data

Privacy by Design – a principle that calls for the inclusion of data protection from the outset of the design of systems, rather than as a later addition

Privacy Impact Assessment – a tool used to identify and reduce the privacy risks of entities by analysing the personal data that are processed and the policies in place to protect the data

Processing – any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.

Profiling – any automated processing of personal data intended to evaluate, analyse, or predict data subject behaviour

Pseudonymisation – the processing of personal data such that it can no longer be attributed to a single data subject without the use of additional data, so long as said additional data stays separate to ensure non-attribution

Recipient – entity to which the personal data are disclosed

Regulation – a binding legislative act that must be applied in its entirety across the Union

Right to be Forgotten – also known as Data Erasure, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data

Right to Access – also known as Subject Access Right, it entitles the data subject to have access to and information about the personal data that a controller has concerning them
