Glossary

Confused about GDPR jargon? No problem! Our glossary breaks down all the key terms and definitions you need to understand the language of data privacy and compliance. This glossary will grow as we continue to add new terms and explanations, making it an essential reference for everyone.

Adequacy Decision

EU Commission decision confirming that a non-EU country ensures adequate data protection, allowing data transfers without additional safeguards (Article 45).

Anonymization

Removing identifiable information from data to make it impossible to trace back to an individual (Recital 26).

Consent

A freely given, specific, informed, and unambiguous indication of agreement to data processing through a clear affirmative action (Articles 4(11) and 7).

Controller-Processor Agreement

A legally required contract outlining responsibilities between a data controller and processor (Article 28(3)).

Cross-Border Processing

Processing that affects individuals in multiple EU countries or involves data transferred across borders (Article 4(23)).

Data Breach

A security incident leading to unauthorized access, alteration, disclosure, loss, or destruction of personal data (Article 4(12)).

Data Controller

The entity that determines the purposes and means of processing personal data (Article 4(7)).

Data Minimization

Ensuring only the data necessary for a specific purpose is collected and processed (Article 5(1)(c)).

Data Processor

An entity that processes personal data on behalf of the data controller (Article 4(8)).

Data Protection Impact Assessment (DPIA)

A process to identify and minimize risks to personal data in high-risk processing activities, such as profiling (Article 35).