GDPR: glossary

Biometric Data:

means personal data resulting from specific technical processing relating to the physical, psychological or behavioural characteristics of an individual which allow or confirm the unique identification of that individual, such as facial images.



this is one of the lawful bases for processing personal data. Consent means any freely given, specific, informed and unambiguous indication of the individual’s wishes signifying agreement to the processing of their personal data. The GDPR sets a high standard for consent.   Consent means offering individuals real choice and control.   Consent must be unambiguous and involve a clear affirmative action (an opt in). It specifically bans pre-ticked opt in boxes.


Data Controller:

means an entity who determines the purposes and mean of the processing of personal data.


Data Processor:

means the entity which processes personal data on behalf of the controller.


Data Protection Officer:

an expert on data privacy.


Data Subject:

an individual whose personal data is processed.


Genetic Data:

means personal data relating to the inherited or acquired genetic characteristics of an individual which give unique information about the physiology or the health of that individual.


Personal Data:

means any information relating to an individual, including name, identification number, location data, online identifier etc.


Personal Data Breach:

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.



means any operation or set of operations which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.



means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s personal preferences, interests, behaviour etc.



means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an individual.