Definitions of the GDPR:
The General Data Protection Regulation (GDPR) uses a variety of specific terms to define the different aspects and actors of data protection. A clear understanding of these terms is crucial for the correct application of, and compliance with, the regulation. The most important terms and their definitions are explained in detail below:
- Personal data (Article 4 No. 1 GDPR):
- All information relating to an identified or identifiable natural person (data subject). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics.
- Data subject (Article 4 No. 1 GDPR):
- The natural person whose personal data is processed.
- Processing (Article 4 No. 2 GDPR):
- Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or linking, restriction, erasure or destruction.
- Controller, also rendered as "person responsible" (Article 4 No. 7 GDPR):
- The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processor (Article 4 No. 8 GDPR):
- A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Consent of the data subject (Article 4 No. 11 GDPR):
- Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.
- Pseudonymisation (Article 4 No. 5 GDPR):
- The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- Anonymization:
- A process by which personal data is altered in such a way that the data subject can no longer be identified. Anonymization is not explicitly defined in Article 4, but is recognized in the GDPR as a means of protecting privacy.
- Profiling (Article 4 No. 4 GDPR):
- Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- List of processing activities (Article 30 GDPR):
- A record of all processing activities carried out by the controller or processor. This record must contain specific information, including the purposes of the processing, the categories of data subjects and of personal data, and the recipients of the data.
- Data protection impact assessment (Article 35 GDPR):
- A systematic description of the processing operations envisaged and the purposes of the processing, an assessment of the necessity and proportionality of the processing operations, an assessment of the risks to the rights and freedoms of data subjects and the measures envisaged to address those risks.
- Data protection breach (Article 4 No. 12 GDPR):
- A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
- Supervisory authority (Article 4 No. 21 GDPR):
- An independent public authority established by a Member State pursuant to Article 51, responsible for monitoring the application of the GDPR.
- Right to complain (Article 77 GDPR):
- The right of the data subject to lodge a complaint with a supervisory authority if he or she considers that the processing of personal data concerning him or her infringes the GDPR.
- Data portability (Article 20 GDPR):
- The right of the data subject to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data were provided.
- Right to be forgotten (Article 17 GDPR):
- The right of the data subject to obtain from the controller the erasure of personal data concerning him or her where certain conditions are met, such as when the data are no longer necessary for the purposes for which they were collected, or when the data subject withdraws his or her consent.
- Restriction of processing (Article 18 GDPR):
- The right of the data subject to obtain from the controller restriction of processing where one of the conditions in Article 18 is met, such as where the accuracy of the personal data is contested or where the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of use instead.
- Right to object (Article 21 GDPR):
- The right of the data subject to object, for reasons related to his or her particular situation, at any time to processing of personal data concerning him or her which is based on points (e) or (f) of Article 6(1).
- Third parties (Article 4 No. 10 GDPR):
- A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons authorised to process personal data under the direct authority of the controller or processor.
- Recipient (Article 4 No. 9 GDPR):
- A natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients.
Summary:
The GDPR contains a variety of terms that are essential to understanding and applying the regulation. These terms define the different actors, processes and rights related to the processing of personal data and form the basis for compliance with data protection requirements. A clear understanding of these terms helps companies and data subjects to better understand and implement their rights and obligations.