Data Controller – the entity that determines the purposes, conditions and means of the processing of personal data
Data Processor – the entity that processes data on behalf of the Data Controller
Data Portability – the requirement for controllers to provide the data subject with a copy of his or her data in a format that allows for easy use with another controller
Data Erasure – also known as the Right to be Forgotten, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data
Data Protection Authority – national authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the Union
Data Subject – a natural person whose personal data is processed by a controller or processor
Encrypted Data – personal data that is protected through technological measures to ensure that the data is only accessible/readable by those with specified access
Filing System – any specific set of personal data that is accessible according to specific criteria, or able to be queried
Genetic Data – data concerning the characteristics of an individual, whether inherited or acquired, which give unique information about the health or physiology of the individual
Personal Data – any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person
Personal Data Breach – a breach of security leading to the accidental or unlawful access to, destruction, misuse, etc. of personal data
Privacy by Design – a principle that calls for the inclusion of data protection from the onset of the designing of systems, rather than as an addition
Privacy Impact Assessment – a tool used to identify and reduce the privacy risks of entities by analysing the personal data that are processed and the policies in place to protect the data
Processing – any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
Profiling – any automated processing of personal data intended to evaluate, analyse, or predict data subject behaviour
Pseudonymisation – the processing of personal data such that it can no longer be attributed to a single data subject without the use of additional data, so long as said additional data stays separate to ensure non-attribution
Recipient – entity to which the personal data are disclosed
Regulation – a binding legislative act that must be applied in its entirety across the Union
Right to be Forgotten – also known as Data Erasure, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data
Right to Access – also known as Subject Access Right, it entitles the data subject to have access to and information about the personal data that a controller has concerning them