Demystifying GDPR – A Glossary


Let’s get to grips with the General Data Protection Regulation with our glossary of terms.

Biometric Data

This is data that enables the identification of a data subject. It can include behavioral and physical characteristics of that person.

Controller

The data controller is the owner of the personal data. They decide what is done with that data, its purpose and who processes it.

Consent

This is when we give the data subject the opportunity to allow or deny us permission to use their personal data. It needs to be clear what the data is going to be used for, and it should be as easy to revoke that consent as it is to give it.

Data Protection Officer

The DPO is an independent expert who ensures that a business is following the rules set out in the GDPR.

Encryption

Encryption is a method of ensuring the confidentiality and integrity of an instance of data. It works by translating that information into seemingly random code, preventing it from being read by anyone without the decryption key.

Filing System

This is a set of personal data that has been well structured enough to enable it to be searched through to identify an individual.

A good privacy notice should tell you who is collecting information, what it is going to be used for and whether it will be shared.

Genetic

Genetic data concern the information held on a subject that can be identified through their genes. This can include inherited health issues and practicalities.

Health Data

Personal data that includes a subject’s mental and physical health, as well as any health services they access.

Portability

This is when the data subject can request a copy of the data that is being held on them and can pass that data to another party.

Processor

The data processor is the entity that processes personal data for the controller. This can be an analytics provider or marketing email company.

Privacy by Design

This is a term used to describe the approach that is taken right at the start of a project or plan, that ensures the privacy of its users is secure. This reduces the need to make further changes down the line to satisfy this need.

Right to be Forgotten

This is also sometimes referred to in the GDPR as data erasure. A data subject can request that personally identifiable information and personal information stored on them be deleted. This can include items that are posted online by the subject themselves, as well as use of that data by third parties.

The Subject

Also known as the Data Subject, this refers to the individual that you are holding personal data on.
