This is a glossary where you can find key GDPR definitions and the meaning of relevant terms and abbreviations used in articles on this site. Concepts are described from a GDPR context and may be explained differently outside this specific area.
- Archiving: Archiving is defined as a secured storage of documents such that they are rendered inaccessible by authorised users in the ordinary course of business.
- Article 5(1)(a): Principles relating to processing of personal data. Personal data shall be: (a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness,(...)
- Article 10: Processing of personal data relating to criminal convictions and offences
- Article 13: Information to provide where personal data are collected from the data subject
- Article 14: Information to provide where personal data have not been obtained from the data subject
- Article 16: Right to rectification
- Article 21: Right to object
- Article 23: Restrictions
- Article 29: Processing under the authority of the controller or processor
- Article 30: Records of processing activities
- Article 35: Data protection impact assessment
- Article 39: Tasks of the data protection officer
- Article 51: Supervisory authority
- Article 9(1): Processing of special categories of personal data. 1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union(...)
- Audit: Audit means the inspection or examination of the processor's activities and its facilities to ensure GDPR compliance.
- Binding Corporate Rules: Binding corporate rules means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of(...)
- Biometric Data: Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm(...)
- CJEU: The Court of Justice of the European Union (CJEU) is the highest court of the EU member states. The court interprets EU law and gives advice to national courts on how to interpret EU law.
- Compliance: Compliance refers to the process of ensuring that an organisation follows applicable laws, rules and regulations. It is an on-going effort with constant reviews and updates. The ultimate goal is(...)
- Consent: Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative(...)
- Controller: Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.(...)
- Cookies and similar technologies: Cookies are text files that contain a small amount of data and are downloaded on your device when you visit a website. Cookies are useful because they allow a website to recognize your device,(...)
- Cross-border Processing: Cross-border processing means either (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or(...)
- Data Concerning Health: Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or(...)
- Data Controller: The individual or legal person who determines the purposes for which and the means by which personal data is processed.
- Data Minimisation: Data minimisation is a fundamental principle under the GDPR. It means that you should only collect and process personal data that is absolutely necessary to fulfil your purpose. You need to(...)
- Data Portability: Data portability is a new right for data subjects to receive and transfer their personal data between data controllers if the personal data has been provided by the data subject, and the(...)
- Data Processing Agreement: A Data Processing Agreement is a legally binding document to be entered into between a data controller and a data processor when required by the GDPR.
- Data Processor: A natural or legal person who processes personal data only on behalf of a Data Controller.
- Data Protection Authority: Also known as Supervisory Authority. Each Member State in the EU has a supervisory authority with the task of supervising GDPR compliance. The supervisory authority has many responsibilities(...)
- Data Protection Impact Assessment: Data protection impact assessment (DPIA) is a process to identify and mitigate data protection risks. If a processing activity is likely to result in a high risk to individuals, you need to do a(...)
- Data Protection Officer: The Data Protection Officer (DPO) is responsible for reviewing and monitoring the internal privacy work carried out by an organisation. The tasks of a DPO are many, but consist of at least the(...)
- Data Subject: A natural person (i.e. not a company or organisation) who resides in the European Union, whose personal data is being processed.
- Destruction: Destruction is defined as physical or technical destruction meant to render the information contained in documents irretrievable by ordinary commercially available means.
- DPA: A Data Processing Agreement is a legally binding document to be entered into between a data controller and a data processor when required by the GDPR.
- DPIA: Data protection impact assessment (DPIA) is a process to identify and mitigate data protection risks. If a processing activity is likely to result in a high risk to individuals, you need to do a(...)
- DPO: The Data Protection Officer (DPO) is responsible for reviewing and monitoring the internal privacy work carried out by an organisation. The tasks of a DPO are many, but consist of at least the(...)
- EDPS: The European Data Protection Supervisor ("EDPS") is an EU institution with the goal of ensuring that EU institutions and bodies respect individuals' right to privacy when processing personal data.
- Enterprise: Enterprise means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.
- Filing System: Filing system means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
- GDPR: General Data Protection Regulation. A regulation (set of rules) drafted by the EU. All EU Member States must follow these rules. It sets out rules for data protection and privacy for all(...)
- General Data Protection Regulation: General Data Protection Regulation. A regulation (set of rules) drafted by the EU. All EU Member States must follow these rules. It sets out rules for data protection and privacy for all(...)
- Genetic Data: Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that(...)
- Group of Undertakings: Group of undertakings means a controlling undertaking and its controlled undertakings.
- Information Society Service: Information society service means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council (19).
- International Organisation: International organisation means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between(...)
- Legal Basis: A basis on which you can legally motivate your processing. There are six available legal bases under the GDPR: consent; performance of a contract (including taking steps to conclude a(...)
- Main Establishment: Main establishment means (a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes(...)
- Personal Data: Personal data means any information relating to an identified or identifiable physical person (‘data subject’) (i.e. not a legal entity); an identifiable physical person is one who can be(...)
- Personal Data Breach: Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored(...)
- Privacy by Design: Privacy by design means that the privacy protection rules are taken into account already when IT systems and procedures are designed.
- Processing: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording,(...)
- Processor: Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to(...)
- Pseudonymisation: Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information,(...)
- Recipient: Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may(...)
- Relevant and Reasoned Objection: Relevant and reasoned objection means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or(...)
- Representative: Representative means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor(...)
- Restriction of Processing: Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
- Retention: Retention is defined as the maintenance of documents in a production or live environment that can be accessed by an authorised user in the ordinary course of business.
- Right to Access: The right of access gives individuals the right to obtain a copy of their personal data as well as other supplementary information.
- Right to Erasure: The right to erasure means that individuals have the right to have personal data erased.
- Right to Objection: The right to objection means that individuals have the right to object to the processing of their personal data.
- Right to Rectification: The right to rectification means that individuals have the right to have inaccurate data rectified.
- Right to Restriction: The right to restriction means that individuals have the right to restrict the processing of their personal data in certain circumstances.
- Special Categories of Data: Personal data that is more sensitive and therefore requires more protection. Often referred to as "sensitive data".
- Sub-Processor: A Sub-Processor is a third party data processor engaged by a Data Processor who has or will have access to or process personal data from a Data Controller.
- Supervisory Authority Concerned: Supervisory authority concerned means a supervisory authority which is concerned by the processing of personal data because (a) the controller or processor is established on the territory of the(...)
- The Court of Justice of the European Union: The Court of Justice of the European Union (CJEU) is the highest court of the EU member states. The court interprets EU law and gives advice to national courts on how to interpret EU law.
- Third Country: In the context of GDPR, this means countries that are not members of the European Economic Area (EEA). This area includes all member countries of the EU and Iceland, Liechtenstein and Norway.
- Third Party: Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or(...)
- Transparency: In sum, transparent processing means that organisations are open and clear with: who they are, how they process personal data and why they process personal data. Transparency is(...)