Data protection definitions

Data protection definitions

These are the most used and necessary data protection definitions to understand the European(RGPD) and Spanish(LOPD-GDD) data protection regulations:

  1. PERSONAL DATA: Information that identifies a natural person, called data subject, through the name, identification number, physical, genetic, psychological, cultural data, among others.
  2. PROCESSING: any procedure carried out on personal data, such as collecting, recording, arranging, structuring, preserving, adapting, extracting, consulting, using, communicating, disseminating, and involving access, matching, limiting, deletion or destruction.
  3. LIMITATION OF THE PROCESSING: Action related to identify those personal data that for some circumstance or by request of the interested party, are limited to be processed.
  4. PROFILING: Automated procedure of personal data through the evaluation of personal aspects related to professional performance, personal preferences, health, interests, economic situation, among others.
  5. SEUDOMINIMIZATION: Data processing in which the identification of the person is not possible without the use of additional data, ensuring that these are protected and are not attributed to an identifiable person.
  6. FILE: Systematic grouping of personal data, according to classification criteria.
  7. PERSON RESPONSIBLE FOR THE PROCESSING: Person (natural or legal), entity or body (public or private) that carries out the processing of personal data under its own guidelines, within the specific legal framework; it must guarantee and be able to demonstrate the protection of personal data by adopting the necessary security measures, both technical and organizational.
  8. PERSON IN CHARGE OF PROCESSING: Person (natural or legal), entity or body (public or private) that carries out the processing of personal data under the instructions of the controller. He/she has the same obligations as the controller.
  9. RECIPIENT: Person (natural or legal), entity or organization (public or private) that receives personal data, which may be considered a third party.
  10. THIRD PARTY: Person (natural or legal), entity or organization (public or private) that processes personal data under the guidelines of the controller or processor, and that is not considered as a recipient.
  11. CONSENT OF THE PERSONAL DATA SUBJECT: Expression of will of the data subject through which he/she accepts the processing of his/her personal data in a free, unequivocal and informed manner by the data controller or data processor.
  12. PERSONAL DATA SECURITY VIOLATION: Any fact or act that produces a breach in the security of personal data, causing its loss, destruction, alteration or unauthorized access.
  13. GENETIC DATA: Unique information relating to the characteristics stored in the genome of natural persons.
  14. BIOMETRIC DATA: Unique information about a physical person related to facial images, fingerprints, voice (among others), which allow its unequivocal identification and differentiate it from others.
  15. HEALTH-RELATED DATA: Information relating to the physical or mental health or state of health of a natural person.
  16. MAIN ESTABLISHMENT: Place of central administration of a controller, when the controller or its processor has different establishments in more than one Member State.
  17. REPRESENTATIVE: Natural or legal person who performs acts on behalf of the controller or processor, once he/she has been designated in writing for that purpose, unless one of the exceptions of Article 27.2 RGPD is met.
  18. COMPANY: Individual or legal entity that carries out an economic activity.
  19. BUSINESS GROUP: A group of companies led by one of them, which exercises control over the others.
  20. BINDING CORPORATE RULES: Data protection legal framework relating to international data transfers, adopted by the controller or processor, with third parties that may or may not be within the EU.
  21. CONTROL AUTHORITY: Independent public authority within an EU Member State, whose function is to supervise and control compliance with the regulatory framework for data protection. It will have sanctioning powers.
  22. SUPERVISORY AUTHORITY CONCERNED: That supervisory authority affected by the processing of personal data because the controller, processor or the data subjects themselves reside in the State where such authority is located, or there is a complaint before such authority.
  23. TRANSFORNTERED PROCESSING: Processing of personal data in more than one Member State, with the controller requesting to be located in several States or in only one.
  24. RELEVANT AND REASONED OBJECTION: In relation to making an objective and reasoned decision on whether or not to comply with the provisions of the GDPR, according to the risk that such action poses to the fundamental rights and freedoms of data subjects.
  25. INFORMATION SOCIETY SERVICE: any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a service recipient.
  26. INTERNATIONAL ORGANIZATION: any entity with an international presence, which has been created by means of an inter-party agreement , those parties being States, and which submits to the rules defined in that mutual agreement.
  27. ANONYMIZATION: data collection without identifying the owner of the data. Used in surveys for example.

Contact us, we will be pleased to help you.
error: Content is protected !!