General Data Protection Regulation (GDPR) Glossary

A Glossary of Terms and Definitions as used in relation to the GDPR.

Jim Evans avatar
Written by Jim Evans
Updated over a week ago

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. 

Data Subject
A person who lives in the EU whose personal data is processed by a controller or processor

Personal Data
Any information related to a Data Subject, that can be used to directly or indirectly identify the person

Data Controller
A company or organization that collects and/or determines the purposes, conditions, and means of the processing of personal data. In the context of your relationship with FULL FABRIC, you’re collecting personal data and are determining how it will be processed and are therefore the controller of that data, and must comply with applicable data privacy legislation accordingly.

Data Processor
The company or organization that processes data on behalf of the Data Controller. In the context of your relationship with FULL FABRIC, we are the Data Processor.

Any operation performed on personal data or sets of personal data, by automated means or otherwise, including collection, use, structuring, storage, adaptation or alteration, retrieval, consultation, dissemination, restriction, erasure, or destruction.

Any automated processing of personal data intended to evaluate, analyze, or predict data subject behavior,

Encrypted Data
Personal data that is protected through technological measures to ensure that the data is only accessible/readable by those with specified access.

Data Privacy Impact Assessment
A documented assessment used to identify and reduce the privacy risks of entities by analyzing the personal data that are processed and the policies in place to protect the data,

Data Portability
The requirement for controllers to provide the data subject with a copy of his or her data in a format that allows for easy use with another controller.

Right to Access
Also known as Subject Access Right, it entitles the data subject to have access to and information about the personal data that a controller has concerning them

Right to be Forgotten
Also known as Data Erasure, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.

Supervisory Authority
A public authority that is established by a member state in accordance with article 46.

Third Countries
Countries outside the EU

Standard Contractual Clauses
The Standard Contractual Clauses, sometimes referred to as “model clauses”, are standardized contract language (approved by the European Commission) that is one method of permission for controllers/processors to send personal data to third countries.

Did this answer your question?