Definitions

Overview:

This article provides definitions of key terms used throughout the regulation. The articles has 26 definitions.
So of the important terms include:

1.  Personal data: Any information relating to an identified or identifiable natural person (data subject).
2.  Processing: Any operation performed on personal data, such as collection, recording, storage, alteration, retrieval, use, disclosure, or erasure.
3.  Controller: The entity that determines the purposes and means of processing personal data.
4.  Processor: The entity that processes personal data on behalf of the controller.
5.  Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they agree to the processing of their personal data.

Implementation Guidance

1. Ensure that all the documentation including policies, procedures etc aligns with GDPR terminology
2. Train your workforce on these terminologies so they can interpret the regulations in the correct way

Compliance Checklist

1. Privacy policies and procedures
2. Awareness training for employees

Examples and Use Cases

1. An organisation collects name, address email, telephone number to give access to online courses. These data collected are classified as personal data as this can be used to identify an individual.
2. An online book store collects personal data for completing the orders is a Data Controller
3. A courier service company delivering products on behalf of a customer is a Data Processor
4. An individual ticking a checkbox to receive a monthly newsletter from a technology site is providing consent.