The key terms you need to know to master GDPR – GDPR Glossary
The General Data Protection Regulation entered into force on May 25th, 2018, and it will have a significant impact on the digital advertising industry. The matter can seem a little complicated because of the legalese sprinkled through the GDPR text. Here are some of the most useful terms you should know to master the Regulation.
- Data Subject: any person living in a country of the European Union. In app marketing, it means a user of an app.
- Data Controller: any company or organization that collects people’s personal data and determines how to process that data.
- Data Processor: any company or organization that processes the data on behalf of the controller but does not decide what to do with the handled data.
- Personal Data: any piece of information through which a person can be, directly or indirectly, identified, such as a name, an identification number or location data.
- Sensitive Personal Data: special categories of personal data, such as those relating to race, politics, religion, genetics, biometrics or sexual orientation.
- Processing: any operation or set of operations which is performed on personal data or on sets of personal data, by automated means or otherwise, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use.
- Data Protection Officer (DPO): an expert on data privacy who works as a representative for the controller and the processor to oversee GDPR compliance.
- Data Protection Authority (DPA): independent public (national) authorities that supervise the application of the data protection law and handle violations of the GDPR. There is one in each EU Member State.
- Data Privacy Impact Assessment (DPIA): a documented assessment developed to identify and reduce the privacy risks for a certain type of processing.
- Supervisory Authority: formerly known as “data protection authority”. A public authority established by a member state in accordance with article 46. It is the authority that oversees that country’s data privacy enforcement.
- Third Countries: any country outside the EU borders.
- Encrypted Data: personal data that is protected by using technological measures to ensure that the data is only readable by those having specific access.
- Genetic Data: any data concerning the inherited or acquired genetic features of an individual which give unique information about the health or physiology of that individual.
- Consent: must be explicitly and freely given, specific and informed. It has to be given by a statement and has to be proven. Consumers can withdraw consent at their discretion.
- Biometric Data: any data relating to the physical, physiological or behavioral features of an individual which allows their unique identification.
- Personal Data Breach: a breach of security leading to the accidental or unlawful destruction of, or access to, personal data. A personal data breach can include access by an unauthorised third party, deliberate or accidental action by controllers or processors, alteration of personal data without permission and loss of availability of personal data.
- Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, such as predicting aspects concerning that natural person’s performance at work.
- Regulation: a binding legislative act that must be applied in its entirety across the Union.
- Right To Be Forgotten: the right of individuals to ask for their data to be erased by making a formal request, either verbally or in writing. Controllers/processors have one calendar month to reply.
- Right To Access: the right of individuals to get access to their personal and sensitive personal data as well as the confirmation that their data have been processed.
- Right To Be Informed: the right of individuals to be informed by the controllers about the collection and use of their personal data.
- Right To Rectification: the right of individuals to make a request, verbally or in writing, in order to obtain the rectification or completion of inaccurate or incomplete data.
- Right To Restrict Processing: the right of individuals to make a request, verbally or in writing, to obtain the restriction or suppression of their data.
- Right To Data Portability: the right of individuals to export and use their data for their own purposes.
- Right To Object: the right of individuals to object to direct marketing, to processing based on legitimate interests, and to processing for purposes of historical or scientific research.