Common GDPR terms

• Data Subject: Any EU resident or individual inside the boundaries of the EU is considered a data subject.

• Personal Data: Personal data is anything that makes a data subject identifiable as a natural person. Personal data as defined in the GDPR is much broader than Personally Identifiable Information (PII).

• Consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies agreement to the processing of personal data relating to him or her.

• Data Controller: A natural or legal person, Public Authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

• Data Processor: A natural or legal person, Public Authority, agency or another body who process personal data on behalf of the data controller.

• Right to be Forgotten: GDPR Article 17. Any data subject can, at any time, request that you remove any data that you have about them.

• Right to Access: GDPR Article 15. Any data subject can, at any time, request that you provide them in a common, easily understood format, all the personal data that you have about them, and how it is being processed.

• Right to Portability: GDPR Article 20. A data subject can request that you provide their personal data to another organization on their behalf.

• Processing: Any operation performed on personal data, such as collection, storage, alteration, retrieval, erasure, or destruction.

• Profiling: Means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person. The GDPR contains 99 articles, please refer to the GDPR website for detailed information.

Note: The regulations don’t just impact new data but also includes archived personal data.