Need-to-Know GDPR Terminology for Compliance Success - Part 3

GDPR Terminology

GDPR from A-Z

The General Data Protection Regulation (GDPR) is only two months away and many are still confused about the taxonomy used throughout the legislation, rendering them unable to understand the resources they need to prepare for compliance. This cheat sheet of GDPR terminology, from P to Re, can help you better understand the legislation and resources associated with it, or help you evangelize awareness to the rest of your organization.


To get your GDPR Terminology E to O, click here!

Here’s your GDPR Terminology Cheat-Sheet from P-Re:

We’ve indexed each term by the chapters, articles and recitals in which it appears. Use this resource to follow along in the regulation as you go: https://gdpr-info.eu

Here we go!


Personal Data

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

(As you can see from how many times personal data is mentioned, it’s a key component of GDPR compliance.)

Chapter 5, Article 1, Article 2, Article 3, Article 4, Article 5, Article 6, Article 7, Article 9, Article 10, Article 11, Article 13, Article 14, Article 15, Article 16, Article 17, Article 18, Article 20, Article 19, Article 21, Article 22, Article 23, Article 25, Article 27, Article 28, Article 29, Article 30, Article 32, Article 33, Article 34, Article 35, Article 37, Article 38, Article 39, Article 40, Article 42, Article 44, Article 45, Article 46, Article 47, Article 49, Article 50, Article 53, Article 57, Article 58, Article 70, Article 77, Article 79, Article 80, Article 83, Article 85, Article 86, Article 88, Article 89, Article 90, Article 98, Recital 1, Recital 2, Recital 3, Recital 4, Recital 5, Recital 6, Recital 7, Recital 9, Recital 10, Recital 11, Recital 12, Recital 13, Recital 14, Recital 15, Recital 16, Recital 17, Recital 18, Recital 19, Recital 20, Recital 22, Recital 23, Recital 24, Recital 26, Recital 27, Recital 28, Recital 29, Recital 31, Recital 32, Recital 33, Recital 34, Recital 35, Recital 36, Recital 37, Recital 38, Recital 39, Recital 40, Recital 42, Recital 43, Recital 45, Recital 46, Recital 47, Recital 48, Recital 49, Recital 50, Recital 51, Recital 52, Recital 53, Recital 54, Recital 55, Recital 56, Recital 57, Recital 58, Recital 59, Recital 60, Recital 61, Recital 62, Recital 63, Recital 64, Recital 65, Recital 66, Recital 67, Recital 68, Recital 69, Recital 70, Recital 71, Recital 72, Recital 73, Recital 75, Recital 78, Recital 80, Recital 81, Recital 83, Recital 84, Recital 85, Recital 86, Recital 87, Recital 88, Recital 89, Recital 90, Recital 91, Recital 96, Recital 97, Recital 101, Recital 102, Recital 103, Recital 104, Recital 105, Recital 108, Recital 110, Recital 111, Recital 112, Recital 113, Recital 115, Recital 116, Recital 122, Recital 123, Recital 124, Recital 127, Recital 129, Recital 139, Recital 142, Recital 153, Recital 154, Recital 155, Recital 156, Recital 157, Recital 158, Recital 159, Recital 160, Recital 162, Recital 164, Recital 166, Recital 170

Personal Data Breach

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Article 4, Article 33, Article 34, Article 40, Article 58, Article 70, Recital 73, Recital 85, Recital 86, Recital 87, Recital 88

Privacy by Design (or Data Protection by Design)

A principle that calls for building data protection into systems from the outset of their design, rather than adding it on afterwards

Article 25, Article 47, Recital 78, Recital 108

Privacy Impact Assessment (or Data Protection Impact Assessment)

A tool used to identify and reduce the privacy risks of entities by analyzing the personal data that are processed and the policies in place to protect the data

Article 35, Article 36, Article 39, Article 57, Article 64, Recital 84, Recital 89, Recital 90, Recital 91, Recital 92, Recital 93, Recital 94, Recital 95

Processing

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Chapter 2, Chapter 3, Chapter 4, Chapter 9, Article 1, Article 2, Article 3, Article 4, Article 5, Article 6, Article 7, Article 8, Article 9, Article 10, Article 11, Article 12, Article 13, Article 14, Article 15, Article 16, Article 17, Article 18, Article 19, Article 20, Article 21, Article 22, Article 24, Article 23, Article 25, Article 26, Article 27, Article 28, Article 29, Article 30, Article 32, Article 35, Article 36, Article 37, Article 38, Article 39, Article 40, Article 41, Article 42, Article 44, Article 47, Article 51, Article 55, Article 56, Article 57, Article 58, Article 60, Article 62, Article 64, Article 71, Article 77, Article 79, Article 80, Article 81, Article 82, Article 83, Article 85, Article 86, Article 87, Article 88, Article 89, Article 91, Article 94, Article 95, Article 98, Recital 1, Recital 2, Recital 3, Recital 4, Recital 9, Recital 10, Recital 11, Recital 12, Recital 13, Recital 14, Recital 15, Recital 16, Recital 17, Recital 18, Recital 19, Recital 20, Recital 22, Recital 23, Recital 24, Recital 26, Recital 27, Recital 29, Recital 31, Recital 32, Recital 33, Recital 36, Recital 37, Recital 38, Recital 39, Recital 40, Recital 42, Recital 43, Recital 44, Recital 45, Recital 46, Recital 47, Recital 48, Recital 49, Recital 50, Recital 51, Recital 52, Recital 53, Recital 54, Recital 55, Recital 56, Recital 58, Recital 60, Recital 61, Recital 62, Recital 63, Recital 65, Recital 66, Recital 67, Recital 68, Recital 69, Recital 70, Recital 71, Recital 72, Recital 73, Recital 74, Recital 75, Recital 76, Recital 77, Recital 78, Recital 79, Recital 80, Recital 81, Recital 82, Recital 83, Recital 84, Recital 89, Recital 90, Recital 91, Recital 92, Recital 93, Recital 94, Recital 96, Recital 97, Recital 98, Recital 104, Recital 105, Recital 108, Recital 113, Recital 114, Recital 115, Recital 117, Recital 122, Recital 123, Recital 124, Recital 126, Recital 127, Recital 128, Recital 29, Recital 131, Recital 135, Recital 139, Recital 142, Recital 144, Recital 146, Recital 153, Recital 154, Recital 155, Recital 156, Recital 158, Recital 159, Recital 160, Recital 162, Recital 171, Recital 173

Processor

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law

Chapter 4, Chapter 8, Article 3, Article 4, Article 23, Article 27, Article 28, Article 29, Article 30, Article 31, Article 32, Article 33, Article 35, Article 36, Article 37, Article 38, Article 39, Article 40, Article 41, Article 42, Article 43, Article 44, Article 46, Article 47, Article 48, Article 49, Article 56, Article 57, Article 58, Article 60, Article 62, Article 65, Article 70, Article 79, Article 81, Article 82, Article 83, Article 85, Article 90, Recital 13, Recital 18, Recital 22, Recital 23, Recital 24, Recital 25, Recital 28, Recital 36, Recital 77, Recital 78, Recital 79, Recital 80, Recital 81, Recital 82, Recital 83, Recital 95, Recital 97, Recital 98, Recital 99, Recital 101, Recital 108, Recital 109, Recital 114, Recital 115, Recital 122, Recital 124, Recital 126, Recital 127, Recital 131, Recital 132, Recital 143, Recital 144, Recital 145, Recital 146, Recital 147, Recital 148, Recital 153, Recital 164, Recital 168

Profiling

Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements

Chapter 3, Article 4, Article 13, Article 14, Article 15, Article 21, Article 22, Article 35, Article 47, Article 70, Recital 24, Recital 30, Recital 60, Recital 63, Recital 70, Recital 71, Recital 72, Recital 73, Recital 91

Pseudonymisation

The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

Article 4, Article 6, Article 25, Article 32, Article 40, Article 89, Recital 26, Recital 28, Recital 29, Recital 75, Recital 85, Recital 156

Recipient

A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing

Article 4, Article 13, Article 19, Article 14, Article 15, Article 30, Article 46, Article 49, Article 58, Article 83, Recital 31, Recital 61, Recital 63, Recital 101, Recital 111

Relevant or Reasoned Objection

Processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

Article 4, Article 60, Article 65, Article 92, Recital 31, Recital 124

Representative

A natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation

Chapter 4, Article 4, Article 13, Article 14, Article 27, Article 30, Article 31, Article 35, Article 58, Article 68, Article 76, Recital 80, Recital 139

GDPR Compliance Next Steps?

Now that you have a good understanding of GDPR terminology, you can move on to determining whether your organization will be held responsible for GDPR compliance. If you’re already sure that you will be obligated under this new legislation and are searching for effective compliance training, we offer several options to fit your skill level.

Microsoft 365 GDPR Compliance

CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting-edge GDPR and cybersecurity training. Our training provides the most in-demand industry certification prep courses, including EC-Council, CompTIA, (ISC)2 and Cisco, all taught by leading cybersecurity experts. All of our offerings are aligned with the National Initiative for Cybersecurity Education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses a bite-sized micro-learning methodology that ensures learners are not overwhelmed with information. The on-demand LMS platform has white-label capabilities ideal for internal training purposes.
