20 GDPR terms you should know about


Understanding the GDPR starts with knowing the language behind it.
Whether you’re a startup founder, a compliance manager, or just curious about data protection, certain key terms shape how the law applies to your business.

In this guide, we’ve gathered 20 essential GDPR terms every organization should know — especially if you handle or process personal data (and yes, we’ll explain what that means!).

To make things simple, we’ve listed them alphabetically, so you can easily find what you need, from “Adequacy Decision” to “Subprocessor.”

Ready to build your GDPR vocabulary? Let’s dive in.

Adequacy Decision

The GDPR restricts transfers of Personal Data to countries outside the EU (and the wider EEA). Under Article 45, however, the European Commission can issue an adequacy decision where it finds that a third country, a territory or sector within it, or an international organisation ensures a level of protection essentially equivalent to that in the EU. Transfers covered by an adequacy decision need no further safeguard, but the Commission reviews these decisions periodically and the Court of Justice can annul them, as it did with the EU-US Privacy Shield in 2020, so record which decision you rely on and monitor its status.

Consent

Personal Data can only be processed if you have a Legal Basis to do so, and consent is one of the six bases in Article 6. Article 4(11) defines valid consent as a freely given, specific, informed and unambiguous indication of the data subject’s wishes, given by a statement or by a clear affirmative action. In practice this rules out pre-ticked boxes, silence or inactivity, and consent bundled into general terms and conditions. Under Article 7 you must be able to demonstrate that consent was given, and withdrawing it must be as easy as giving it. See also Informed Consent.

Data Controller

The controller or data controller is the natural or legal person, public authority or other body that determines the purposes and means of the Processing of Personal Data (Article 4(7)): in other words, which data is collected, under what Legal Basis, and what is done with it. Controllers carry the primary accountability under the GDPR, including for the Data Processors they engage.

Data Processing Agreement (DPA)

A data processing agreement is the contract that Article 28 requires between a Data Controller and a Data Processor. It sets out the subject matter, duration, nature and purpose of the processing, the types of Personal Data and categories of Data Subjects, and the processor’s obligations: to act only on the controller’s documented instructions, to keep the data confidential, to implement appropriate security measures, to assist the controller with Data Subject Rights and breach notification, to delete or return the data at the end of the engagement, and to obtain the controller’s authorisation before engaging any Subprocessor.

Data Processor

A processor is a natural or legal person, public authority or other body that processes Personal Data on behalf of the Data Controller (Article 4(8)), for example a cloud hosting provider or a payroll service. The exact scope of the processing is governed by a Data Processing Agreement. A processor that starts deciding its own purposes for the data is treated as a controller for that processing (Article 28(10)).

Data Protection Authority

(Confusingly, also called DPA for short; the GDPR itself uses the term supervisory authority.) A data protection authority is the independent public body in each EU member state that monitors and enforces data protection law. It handles complaints from Data Subjects, conducts investigations and can impose administrative fines. The heads of the national authorities, together with the European Data Protection Supervisor, make up the EDPB (European Data Protection Board), which issues guidelines and ensures the GDPR is applied consistently across the EU.

Data Protection Impact Assessment (DPIA)

A DPIA is a structured risk assessment that Article 35 requires before you begin any processing likely to result in a high risk to the rights and freedoms of individuals, for instance large-scale processing of Special Category data, systematic monitoring of publicly accessible areas, or profiling that produces legal or similarly significant effects. It describes the processing and its purposes, assesses its necessity and proportionality, identifies the risks to Data Subjects, and records the measures taken to address them. Carrying one out is a practical way to show that your organisation, products, or services follow the data protection by design and by default principles of Article 25. If the DPIA shows a residual high risk that you cannot mitigate, Article 36 requires you to consult the Data Protection Authority before starting.

Data Subject

A data subject is an identified or identifiable living natural person whose Personal Data is being processed. Nationality and residence are irrelevant: under Article 3, the GDPR applies to processing carried out in the context of an establishment in the EU regardless of where the people are, and to organisations established outside the EU that offer goods or services to, or monitor the behaviour of, people who are in the EU. Companies and other legal entities are not data subjects.

Data Subject Rights

The GDPR grants numerous rights to data subjects in Articles 12 to 22. These include the right of access to their data (Article 15), rectification (Article 16), erasure, often called the right to be forgotten (Article 17), restriction of processing (Article 18), data portability (Article 20), the right to object, including to direct marketing (Article 21), the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (Article 22), and the right to withdraw Consent at any time (Article 7). You must respond to a request without undue delay and at the latest within one month, extendable by a further two months for complex or numerous requests, and free of charge in most cases. Several rights, such as erasure and objection, are not absolute and depend on the Legal Basis being used.

Data Transfer

A data transfer happens when Personal Data is sent from the EU to a third country or an international organisation; giving someone outside the EU remote access to data held in the EU also counts. Such transfers are lawful only if the destination is covered by an Adequacy Decision, or you put in place appropriate safeguards under Article 46, most commonly the Standard Contractual Clauses or, within a corporate group, Binding Corporate Rules. Article 49 provides narrow derogations, such as the data subject’s explicit consent to the specific transfer, for occasional cases that fit neither route.

GDPR

The GDPR (General Data Protection Regulation, Regulation (EU) 2016/679) is the law protecting the Personal Data of people in the EU. It has applied directly in every EU member state since 25 May 2018 and was later extended to the EEA countries Iceland, Liechtenstein and Norway. It offers strong protections to Data Subjects, backed by administrative fines of up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher. Note that the UK has its own version, the UK GDPR, which sits alongside the Data Protection Act 2018 and largely mirrors the EU text. Learn more in our definitive guide!

Informed consent

Every valid Consent under the GDPR must be informed: before agreeing, the data subject must be told at least who the controller is, which data is collected, for which specific purposes, and that consent can be withdrawn at any time, in language a layperson can understand and clearly separated from other matters. If you wish to use Consent as the Legal Basis to process Special Category data, Article 9(2)(a) additionally requires explicit consent, meaning an express written or spoken statement rather than consent inferred from an action, and you should keep a record of exactly what was agreed to and when.

Legal basis

The GDPR only allows you to process Personal Data when you have a valid legal basis to do so. Article 6(1) lists six: the data subject’s Consent; performance of a contract with the data subject; compliance with a legal obligation; protection of someone’s vital interests; a task carried out in the public interest or in the exercise of official authority; and the legitimate interests of the controller or a third party, provided these are not overridden by the data subject’s interests and rights. Identify and document the basis before processing starts and state it in your Privacy Notice, because the basis determines which Data Subject Rights apply. For Special Category data, you also need to meet one of the conditions listed in Article 9(2).

Personal data

The GDPR defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’)” (Article 4(1)). Identifiability is assessed broadly: names, email addresses, online identifiers such as IP addresses and cookie IDs, location data and device identifiers all qualify if they can be linked to a person, directly or in combination with other information. Two boundaries matter in practice. Data that is genuinely anonymised, so that the person can no longer be identified by any means reasonably likely to be used, falls outside the GDPR; pseudonymised data, such as records keyed by a hashed email address or a user ID, is still personal data because the link can be restored. And the GDPR does not cover data that relates only to companies and other legal entities, although data about their employees or contacts does.

Privacy notice

A privacy notice is the easily understood, public-facing document through which you give Data Subjects the information required by Articles 13 and 14. It explains who the controller is and how to contact it (and the data protection officer, if you have one), which data is processed and for what purposes, the Legal Basis for each purpose, who the data is shared with, whether it is transferred outside the EU and under what safeguard, how long it is retained, which Data Subject Rights apply and how to exercise them, how to withdraw Consent, and the right to lodge a complaint with a Data Protection Authority. It must be provided at the time the data is collected or, when the data comes from another source, within a reasonable period and at most one month.

Privacy policy

Your privacy policy is a detailed internal document that describes exactly how you are processing Personal Data: each purpose and its Legal Basis, the categories of data and Data Subjects, retention periods, which Data Processors or Subprocessors you use, the transfers you make, and the security measures in place. It complements the record of processing activities that Article 30 requires most organisations to keep, and together they are a key way to demonstrate compliance under the accountability principle if a Data Protection Authority audits you. Review it whenever your processing changes, and at least once a year. Get our free template here.

Processing (of Personal Data)

The GDPR definition of processing (Article 4(2)) is extremely broad. It covers any operation performed on Personal Data, whether or not by automated means: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure and destruction. Merely viewing data, taking a backup, or letting a vendor query a database all count. It also covers paper records, provided they form, or are intended to form, part of a structured filing system (Article 2(1)).

Special category data

Article 9(1) of the GDPR defines the special categories of Personal Data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used to uniquely identify a person, health data, and data concerning a person’s sex life or sexual orientation. Processing this data is prohibited by default and is only allowed if, in addition to an Article 6 Legal Basis, one of the conditions in Article 9(2) applies. These include the data subject’s explicit Informed Consent, obligations under employment and social security law, protection of vital interests where the person cannot consent, processing necessary for medical diagnosis or the provision of health or social care by a professional bound by secrecy, public health, and a substantial public interest established in law. Because the potential for harm is higher, this data usually warrants a DPIA and stronger security controls such as encryption and strict access control.

Standard contractual clauses

The European Commission has adopted a set of standard contractual clauses, the current version in Implementing Decision (EU) 2021/914, that parties can incorporate unchanged into a Data Transfer agreement as an Article 46 safeguard. The clauses come in four modules covering controller-to-controller, controller-to-processor, processor-to-processor and processor-to-controller transfers. This allows transferring data to countries that do not have an Adequacy Decision in place. Since the Court of Justice’s Schrems II judgment (2020), you must also carry out a transfer impact assessment of the destination country’s law and add supplementary measures, such as encryption with keys that stay in the EU, where local surveillance powers would otherwise undermine the clauses.

Subprocessor

A subprocessor is an organisation that a Data Processor engages to carry out some specific processing on its behalf, for example the cloud provider that hosts a SaaS vendor’s database. Under Article 28(2) the processor needs the Data Controller’s prior written authorisation, either specific or general, and with a general authorisation it must inform the controller of any intended change so that the controller can object. Under Article 28(4) the subprocessor must be bound by a contract imposing the same data protection obligations as the DPA between the Data Controller and the Data Processor, and the processor remains fully liable to the controller for the subprocessor’s performance.

Need help figuring it out? We’re here to help!

Chino.io works as your partner to help you solve all privacy, security, and compliance issues. Our unique combination of regulatory expertise, legal know-how, and technical experience helps eliminate compliance risks while saving you money and time.

Book a call with our experts to learn how we can help you deliver compliant-by-design innovation.

Streamline Your Compliance With Chino.io Today
