GDPR Enforcement

This is the fourth and final glossary in the GDPR series. This glossary seeks to explain the roles and changes a company needs to introduce to be GDPR compliant following GDPR Enforcement. I felt there was a large introduction of roles necessary for a company’s compliance which were not explained, and which I did not understand.

Like the third glossary in this series, this glossary demonstrates the more practical side of GDPR Enforcement and what a company needs to do to protect data and not incur huge fines. I have found this glossary the most useful as we are coming closer to GDPR Enforcement. These terms seem to be the most used in blogs currently.

Binding Corporate Rules (BCRs): A set of rules that allow multinational organisations to transfer personal data from the EU to their affiliates outside of the EU.

Controller: A company/organisation that collects people’s personal data and makes decisions about what to do with it.

Data Protection Officer (DPO): A representative for a controller/processor who oversees GDPR compliance and is a data-privacy expert.

Data Privacy Impact Assessment (DPIA): A documented assessment of the usefulness, risks and risk-mitigation options for a certain type of processing.

Integrity & Confidentiality Security: Personal data must be processed using appropriate technical, organisational and security measures.

Legal Processing: For any personal data processed, the organisation must be able to specify that it has been processed on one of the legal grounds specified by the GDPR:

  1. Individual’s consent.
  2. Contract with the individual (including pre-contract arrangements).
  3. Complying with a legal obligation.
  4. If it is in the vital interest of the data subject.
  5. Necessary for a task in public interest or authority.
  6. Necessary in the legitimate interest of an organisation or third party (balanced against interests of the data subject).

Privacy Impact Assessment: A tool used to identify the privacy risks.

Processor: A company/organisation which helps a controller by “processing” data based on its instructions but doesn’t decide what to do with that data.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, by automated means or otherwise, such as collection, recording, organisation, structuring and storage.

Although it may seem overwhelming, GDPR can be broken down into four categories:

  • EU and National Law Terminology
  • Principles Behind the Introduction of GDPR
  • What GDPR Strictly Protects
  • What Needs to be Done when GDPR is Enforced

I believe it is important to understand how the terms are used as well as what they mean. From this, I have found I am able to understand different aspects of a blog or article a lot better. This has also allowed me to find definitions that I have needed a lot more quickly.

Again, please feel free to leave in the comments any further terms you feel should be included in this glossary or which could be moved around.

I hope you will find this series as useful as I have.

