Essential privacy and data protection terms explained
The organization that determines the purposes and means of processing personal data. They make decisions about why and how personal data is processed.
An organization that processes personal data on behalf of a data controller. They follow the controller's instructions for how to handle the data.
Any information that can be used to identify a specific individual, including names, email addresses, IP addresses, and device identifiers.
A request from an individual to exercise their privacy rights, such as accessing, correcting, or deleting their personal data.
A freely given, specific, informed agreement to the processing of personal data. Must be clear, affirmative action (not pre-ticked boxes).
A systematic analysis of how a project or system will affect the privacy of individuals. Required for high-risk processing under GDPR.
A legal basis for processing personal data when it's necessary for legitimate business purposes that don't override individual privacy rights.
The principle that personal data collection should be limited to what is directly relevant and necessary for specific purposes.
An individual's right to have their personal data erased when it's no longer necessary for the original purpose or consent is withdrawn.
An approach that embeds privacy considerations into the design and operation of systems, processes, and products from the outset.