This is the fourth and final glossary in the GDPR series. This glossary seeks to explain the roles and changes a company needs to introduce to be GDPR compliant following GDPR Enforcement. I felt that a large number of roles necessary for a company's compliance were introduced without being explained, and I did not understand them.
Like the third glossary in this series, this glossary demonstrates the more practical side of GDPR Enforcement and what a company needs to do to protect data and not incur huge fines. I have found this glossary the most useful as we are coming closer to GDPR Enforcement. These terms seem to be the most used in blogs currently.
Binding Corporate Rules (BCRs): A set of rules that allow multinational organisations to transfer personal data from the EU to their affiliates outside of the EU.
Controller: A company/organisation that collects people’s personal data and makes decisions about what to do with it.
Data Protection Officer (DPO): A representative for a controller/processor who oversees GDPR compliance and is a data-privacy expert.
Data Privacy Impact Assessment (DPIA): A documented assessment of the usefulness, risks and risk-mitigation options for a certain type of processing.
Integrity & Confidentiality Security: Personal data must be processed using appropriate technical, organisational and security measures.
Legal Processing: For any personal data processed, the organisation must be able to specify that it has been processed on one of the legal grounds specified by the GDPR:
- The individual's consent.
- Contract with the individual (including pre-contract arrangements).
- Complying with a legal obligation.
- If it is in the vital interest of the data subject.
- Necessary for a task in public interest or authority.
- Necessary in the legitimate interest of an organisation or third party (balanced against interests of the data subject).
Privacy Impact Assessment: A tool used to identify the privacy risks.
Processor: A company/organisation which helps a controller by “processing” data based on its instructions but doesn’t decide what to do with that data.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, by automated means or otherwise, such as collection, recording, organisation, structuring and storage.
Although it may seem overwhelming, GDPR can be broken down into four categories:
- EU and National Law Terminology
- Principles Behind the Introduction of GDPR
- What GDPR Strictly Protects
- What Needs to be Done when GDPR is Enforced
I believe it is important to understand how the terms are used as well as what they mean. From this, I have found I am able to understand different aspects of a blog or article much better. This has also allowed me to find definitions that I have needed much more quickly.
Again, please feel free to leave in the comments any further terms you feel should be included in this glossary or which could be moved around.
I hope you will find this series as useful as I have.