GDPR Terminology

As enforcement of the General Data Protection Regulation (GDPR) draws nearer, it is vital that companies and organizations understand the terms it uses. Below are some of the terms you may have come across, with a short description of each.

  • Data Controller – a person who decides what personal data is handled and how it should be handled. This can also be a group of people. It includes people who work for a company that handles personal data.
  • Data Processor – a third party that handles data on behalf of a data controller. For instance, IT service providers handle personal data for the companies they serve.
  • Personal Data – any piece of data, or collection of private data, that can lead to the identification of an individual. Personal data can include items such as Internet Protocol (IP) addresses, physical addresses and telephone numbers.
  • Data Subject – the person whose personal data is being handled.
  • Right to be forgotten – the right of a person to request that their personal data be erased. The request does not necessarily have to be complied with if there is a legally compelling reason for the personal data to continue being handled.
  • Data Protection Officer (DPO) – the individual responsible for supervising data protection and GDPR compliance within an organization. All public organizations must have a DPO in place, as must businesses or organizations that perform large-scale monitoring of individuals and those that handle a large volume of personal data belonging to the special categories detailed by the GDPR.
  • Data Protection Authority – the body responsible for overseeing data safety and GDPR compliance in each EU state. The dominant authority, which has full control, is the Data Protection Board.

These aren’t all of the terms you will see mentioned in the GDPR, but they are some of the most common ones.