Compliance & Legal Terms (Expert Terms)

Confused about GDPR jargon? No problem! Our glossary breaks down all the key terms and definitions you need to understand the language of data privacy and compliance. This glossary will grow as we continue to add new terms and explanations, making it an essential reference for everyone.

Adequacy Decision

An EU Commission decision confirming that a non-EU country ensures adequate data protection, allowing data transfers without additional safeguards (Article 45).

Consent

A freely given, specific, informed, and unambiguous indication of agreement to data processing through a clear affirmative action (Articles 4(11) and 7).

Controller-Processor Agreement

A legally required contract outlining responsibilities between a data controller and processor (Article 28(3)).

Cross-Border Processing

Processing that affects individuals in multiple EU countries or involves data transferred across borders (Article 4(23)).

Data Minimization

Ensuring only the data necessary for a specific purpose is collected and processed (Article 5(1)(c)).

Data Protection Impact Assessment (DPIA)

A process to identify and minimize risks to personal data in high-risk processing activities, such as profiling (Article 35).

Data Protection Officer (DPO)

A professional appointed to oversee GDPR compliance and advise organizations on data protection (Articles 37–39).

High-Risk Processing

Processing that poses significant risks to individual rights, such as profiling or processing sensitive data (Article 35(3)).

Legitimate Interest

A lawful basis for processing data where it is necessary and does not override individual rights (Article 6(1)(f)).

Personal Data

Any information relating to an identified or identifiable individual, such as names, email addresses, or IP addresses (Article 4(1)).