Data Privacy Glossary

Knowing the key terms from the data privacy jargon is the starting point for becoming compliant. Scroll through the terms, and learn the new language


Binding Corporate Rules

The set of internal rules adopted by multinational companies in to define their global policies on international data transfers within the same corporate group towards countries that don't share the same level of protection.

Biometric Data

Personal data that resulted from specific processing related to physical and behavioural features of a person, which allows the identification of that person.


The informed, unambiguous and freely given permission from the data subject to have data relating to him or her processed.


The natural or legal person, public authority or other body which establishes the purpose and method of data processing, alone of together with other actors. CROSS BORDER PROCESSING

Cross Border Processing

Processing of personal data when the controller or processor is established in more than one Member State, and the data processing takes place in more than one Member State, OR processing activities that take place in a single establishment in the Union, but that affects data subjects from more than one Member State.

Data Concerning Health

Personal data referring to the personal mental and physical health of a person, including information on health services accessed.


Natural or legal person who performs an economic activity, regardless of the legal form, including associations and partnerships.

Genetic Data

Data related to a natural person's genetic characteristics, whether inherent or acquired, which offers information about the mental or physical health of that person.

Group Of Undertakings

Is formed by the controlling undertaking and the subsequent controlled undertakings.

Information Society Service

A service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council (19).

International Organisation

An organisation and its subordinate bodies regulated by the public international law, or a body established based on an agreement between at least two countries.

Main Establishment

For controllers with establishments in more than one Member State, it is the central administration place in the Union, unless the processing decisions are taken in another establishment which in this case will be considered the main establishment. For processors with establishments in more than one Member State, it is the central administration place in the Union, unless the processor doesn't have a central administration, in which case the main establishment will be the place where the main processing activities are performed.

Personal Data

Any information related to an identified or identifiable data subject (natural person).


The natural or legal person, public authority or other body which processes data on behalf of the controller.

Personal Data Breach

A breach of security that caused accidental or intentional loss, destruction, disclosure or access to processed or transmitted personal data.


Any automated processing that uses personal data to evaluate personal aspects and predict future actions and aspects.


Any action or set of actions that is performed on personal data or sets of data, whether automated or not.


Personal data processing so that the data can no longer attributed to a specific data subject


A recipient is a natural or legal person, public authority or other body to which personal data is disclosed.

Restriction Of Processing

Restriction of processing is marking of stored personal data in order to restrict its processing in the future.

Relevant And Reasoned Objection

An objection regarding whether there exists an infringement of the Regulation or not, or whether the agreed action in relation to the controller or processor is in conformity with the Regulation.


A natural or legal person established in the EU, appointed by the data processor or controller to represent him with respect to the obligations under the regulation.

Supervisory Authority

An independent public authority established by a EU Member State in accordance to Article 51.

Third Party

A natural or legal person that is not the controller or the processor, but who is authorized by them to process personal data.
Want to talk to us?
Contact Sales

See you on the safe side

iso 9001
iso 27001
iso 22301

2018 © Clym Ltd. Registered in England & Wales, No. 11332037