Definition: Process of turning data into a form that does not identify individuals and where identification is not likely to take place. (The process is irreversible so the data is likely removed from...

Definition: Processing of personal data in such a manner that the personal data can no longer be attributed to a specific individual without the use of additional information, provided that such addit...

Definition: Any natural or legal person, public authority, agency or another body that processes personal data on behalf of the Businesses. Commentary:

Definition: A data protection officer (DPO) is an enterprise security leadership role required by consumer protection regulation. Commentary:

Definition: Current, former, and prospective individual consumers contracted to receive products or services. Commentary:

Definition: Jurisdictions that were deemed to provide an adequate level of protection to personal data by the European Commission. These include Andorra, Argentina, Canada, Faeroe Islands, Guernsey, I...

Definition: An identified or identifiable natural person – i.e., a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification nu...

Definition: Legitimate interest is one of a number of grounds that a data controller may rely on for the lawful processing of personal data. In order to rely on this ground, the legitimate interests o...

Definition: A DPIA is an assessment of the impact of envisaged processing operations on the protection of personal data. Commentary: Under the GDPR, a DPIA must be carried out where a type of processi...

Definition: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual. Commentary: