GDPR Basics (Essential Terms)

Confused about GDPR jargon? No problem! Our glossary breaks down all the key terms and definitions you need to understand the language of data privacy and compliance. This glossary will grow as we continue to add new terms and explanations, making it an essential reference for everyone.

Consent

A freely given, specific, informed, and unambiguous indication of agreement to data processing through a clear affirmative action (Articles 4(11) and 7).

Data Breach

A security incident leading to unauthorized access to, or alteration, loss, disclosure, or destruction of, personal data (Article 4(12)).

Data Controller

The entity that determines the purposes and means of processing personal data (Article 4(7)).

Data Minimization

Ensuring only the data necessary for a specific purpose is collected and processed (Article 5(1)(c)).

Data Processor

An entity that processes personal data on behalf of the data controller (Article 4(8)).

Data Protection Impact Assessment (DPIA)

A process to identify and minimize risks to personal data in high-risk processing activities, such as profiling (Article 35).

Data Protection Officer (DPO)

A professional appointed to oversee GDPR compliance and advise organizations on data protection (Articles 37–39).

Data Subject

An individual whose personal data is processed. GDPR grants data subjects specific rights, such as the right to access, rectify, and erase their data (Articles 12–23).

Legitimate Interest

A lawful basis for processing data where it is necessary and does not override individual rights (Article 6(1)(f)).

Personal Data

Any information relating to an identified or identifiable individual, such as names, email addresses, or IP addresses (Article 4(1)).