Glossary for GDPR
Data Subject
A person who lives in the EU
Personal Data
Any information related to an identified/identifiable data subject (e.g., name, national ID number, address, IP address, health info)
Controller
A company/organization that collects people’s personal data and makes decisions about what to do with it. So if you’re collecting personal data and are determining how it will be processed (for example using the HubSpot services to market to prospects and customers), you’re the Controller of that data and must comply with applicable data privacy legislation accordingly.
Processor
A company/organization that helps a controller by “processing” data based on its instructions, but doesn’t decide what to do with data. So for example, Radiance Academy Coaching is the processor of the data collected on the website of the same name. We don’t control how data is collected or used; we merely process it on your behalf and on your instruction.
Processing
Any operation or set of operations that are performed on personal data or on sets of personal data, by automated means or otherwise, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Protection Officer (DPO)
A representative for a controller/processor who oversees GDPR compliance and is a data-privacy expert
Data Privacy Impact Assessment (DPIA)
A documented assessment of the usefulness, risks, and risk-mitigation options for a certain type of processing
Supervisory Authority
Formerly called “data protection authorities”; one or more governmental agencies in a member state oversee that country’s data privacy enforcement (e.g., Ireland’s Office of the Data Protection Commissioner, Germany’s 18 national/regional authorities)
Third Countries
Countries outside the EU
Standard Contractual Clauses
The SCCs, a/k/a “model clauses,” are standardized contract language (approved by the European Commission) that is one method of permitting controllers/processors to send personal data to third countries. The SCCs are included in Exhibit 1 of our Data Processing Agreement.