Definitions in Article 4 of GDPR
Glossary of important definitions in Article 4 of GDPR
It is important that companies that process personal data belonging to EU citizens are aware of the definitions stated in Article 4 of the GDPR. This GDPR glossary in English contains a compilation of key definitions in Article 4 of the GDPR. Knowing the meaning of these key definitions is necessary in order to act correctly according to the regulation, which is why we have compiled this description of central definitions.
However, keep in mind that Article 4 of the GDPR provides the complete version of the definitions.
All data that, directly or indirectly, alone or together with other data, can be linked to a living natural person is personal data according to the GDPR.
Common examples of personal data are: name, telephone number, address, e-mail address, user ID, credit card number, registration number of a vehicle, IP address, etc.
The person who can be identified through the personal data is, according to the GDPR, called a data subject. The data subject is therefore always a living natural person.
According to the GDPR, data subjects have different rights regarding their personal data, for instance the right to restrict processing and the right to access.
Everything that is done with or to personal data, automated or otherwise, is a form of processing. For example, processing can take place through a single measure or through a combination of different measures.
Examples of common processing of personal data are: storage, deletion, sharing, loading, registration, copying, collection, organization, use, adjustment, destruction, etc.
Profiling is a way of processing personal data through various automatic treatments and processes in order to assess different personal characteristics of an individual, for instance to analyze a natural person’s health, finances, behavior, preferences, interests, place of residence, etc.
Personal information may be collected and structured in a register for various reasons.
For example, it is common for companies to keep a register of their customers or employees in a financial system or CRM system.
Pseudonymisation means that personal data are processed in such a way that the data cannot identify a natural person by itself. Identification can only be made with additional data that is stored in another place. It can be done through various technical and organizational security measures.
Third party means someone other than the personal data controller (and the persons who are authorized to process the personal data), the data subject, or the personal data controller (and other persons who are authorized to process the personal data).
A third party may be a legal person or a natural person, institution, authority or other body, for instance.
According to the GDPR, anyone who determines the purpose of a certain processing of personal data and how the processing is to take place is to be regarded as the personal data controller.
For example, natural persons, legal persons, authorities, institutions or other bodies may be personal data controllers.
Anyone who processes personal data on behalf of a personal data controller, according to the data controller’s instructions, is a personal data processor. Common examples of personal data processors are accounting consultants and web developers.
Natural persons, legal persons, authorities, institutions or other bodies may be personal data processors, for instance.
Consent is one of the six (6) legal bases that exist under the GDPR. A person may give a voluntary express consent for the personal data to be processed for a specific stated purpose. A given consent can be revoked at any time.
It should be noted that consents given in cases where there is a power relationship, by a person in an inferior position, are not valid under the GDPR. An example is the relationship between an employer and its employees.
Personal data breaches can occur in different ways. According to the GDPR, a personal data breach means a security incident that has caused the processed personal data to be destroyed, lost, altered or obtained by an unauthorized person.
A breach can occur intentionally or unintentionally, for example through negligence or due to crime (data breach, etc.).
Supervisory authorities are independent public authorities. Each EU country has designated its own regulatory authority to handle GDPR-related matters.
In some cases, a personal data breach must be registered with different supervisory authorities in different countries.