Need-to-Know GDPR Terminology for Compliance Success - Part 2

GDPR Terminology

GDPR from A-Z

Organizations worldwide are scrambling to meet GDPR compliance before the regulation takes effect on May 25th of this year (2018). Others still aren’t taking it seriously enough. Hopefully, you’re here because your organization is committed to taking the necessary steps towards GDPR compliance. If you’re just beginning to learn about the General Data Protection Regulation, use this GDPR Terminology Cheat-Sheet (terms from E-O) to help guide you through the legislation. If you’re a little further along in your GDPR knowledge, you can use this cheat sheet to evangelize GDPR compliance awareness throughout your organization.

Get your Cheat-Sheet from A to D here!

Here’s your GDPR Terminology Cheat-Sheet from E to O:

We’ve indexed each term by the chapters, articles and recitals in which it appears. Use this nifty resource to follow along in the regulation as you go.

Without further ado…

Encryption or Encrypted Data

Personal data that is protected with a unique key, ensuring that the data is only accessible/readable by those who have been authorized

Article 6, Article 32, Article 34, Recital 83


Enterprise

A natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity

Article 4, Article 30, Article 40, Article 42, Article 47, Article 88, Recital 13, Recital 37, Recital 98, Recital 110, Recital 132, Recital 167

Filing System

Any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis

Article 2, Article 4, Recital 15, Recital 31, Recital 67

Genetic Data

Personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question

Article 4, Article 9, Recital 34, Recital 35, Recital 53, Recital 75

Group of Undertakings

Controlling undertaking and its controlled undertakings

Article 4, Article 36, Article 37, Article 47, Article 88, Recital 36, Recital 37, Recital 48, Recital 110

Information Society Service

A service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council

Article 4, Article 8, Article 17, Article 21, Recital 21, Recital 32

International Organization

An organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries

Chapter 5, Article 4, Article 13, Article 14, Article 15, Article 28, Article 30, Article 40, Article 42, Article 44, Article 45, Article 46, Article 49, Article 50, Article 58, Article 70, Article 71, Article 83, Article 85, Article 96, Article 97, Recital 6, Recital 101, Recital 102, Recital 103, Recital 105, Recital 106, Recital 107, Recital 108, Recital 112, Recital 139, Recital 153, Recital 168, Recital 169

Main Establishment

a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;

b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation

Article 4, Article 56, Article 60, Article 65, Recital 36, Recital 124, Recital 126

Now that you have a good understanding of GDPR terminology, you can move on to determine whether your organization will be held responsible for GDPR compliance. If you’re already sure that you will be obligated under this new legislation and are searching for effective compliance training, we offer several options to fit your skill level.

CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting-edge GDPR and cybersecurity training. Our training provides the most in-demand industry certification prep courses, including EC-Council, CompTIA, (ISC)2 and Cisco, all taught by leading cybersecurity experts. All of our offerings are aligned with the National Initiative for Cybersecurity Education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses a bite-sized micro-learning methodology that ensures learners are not overwhelmed with information. The on-demand LMS platform has white-label capabilities ideal for internal training purposes.
