GDPR Glossary

  • Data Subject - an identified or identifiable natural living person. See Article 4(1).
  • General Data Protection Regulation - European privacy law in effect as of May 25, 2018, which protects the Personal Data of Data Subjects.
  • European Economic Area - the European Union, United Kingdom, Iceland, Liechtenstein and Norway.
  • Personal Data - Any information that relates to an identified or identifiable Data Subject; an identifiable Data Subject is one who can identified, directly or indirectly, for example, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. See Article 4(1).
  • Processing - any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. See Article 4(2).
  • Pseudonymized Data - Personal Data that can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to Data Subject. See Article 4(5).
  • Special Categories - Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. See Articles 9(1); 4(13)-(15).