This article provides the meanings of a number of GDPR terms and other key terminology used in the GDPR software by Data Legal Drive.
Some of the terms in the first column link to more complete articles.
Action |
A task assigned to a user, such as completing a processing activity. An action can be linked to a processing activity, a data subject request, a personal data breach, a diagnosis, or an impact assessment. |
Active |
When a processing activity is active, it is included in the record (see Inactive). Only active processing activities can be edited. |
Areas are used to organize processing activities by family. |
|
An article in the GDPR that requires data controllers and processors to produce “records of processing activities”. |
|
A separate module in the GDPR software that contains:
|
|
A person with the rights to use the back office in order to create users and roles, and to assign the roles to users. |
|
A person in an organization who is either in charge of a processing activity, or is an external recipient. The contact repository allows you to select one or more contact persons for each processing activity. A contact must be assigned to a department. |
|
Dalloz |
A leading legal publisher in France and a Data Legal Drive partner. Dalloz provides the GDPR software with up-to-date legal publications on GDPR, data privacy and related topics. |
Data controller |
An actor that determines the purposes and means for processing personal data. |
Data subject |
An identified or identifiable living individual whose data may be processed. |
Data subject request |
A request from a data subject to a data controller to exercise their right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object and right not to be subject to a decision based solely on automated processing. |
Refers to a department in an organization that is either in charge of a processing activity, or is an external recipient. The department repository allows you to select one or more departments for each processing activity. |
|
Divisions allow you to restrict user access to specific processing activities. This is done by assigning users and processing activities to divisions. For example, by assigning a user to the Human Resources division, they will be able to access all the processing activities assigned to that division. The precise type of access (add, update, delete, etc.) will depend on their permissions. |
|
The library where all documents required for accountability and added to the GDPR software by users are stored. |
|
The DPO, or Data Protection Officer, is in charge of ensuring GDPR compliance in a given entity. They may be an employee or externally appointed. |
|
A person assigned to complete a processing activity and/or conduct an impact assessment. |
|
DSR |
See Data subject request. |
Entity |
A legal entity such as a parent company, a subsidiary, an administration, a non-profit, etc. Entities can be organized in entity charts to allow sharing of documents and repositories between parent companies and their subsidiaries. |
Evaluator |
A person assigned to review an impact assessment. |
A mode in the GDPR software for completing processing activities that are not only Article 30-compliant, but contain additional information that can be used, for example, to complete impact assessments. |
|
External recipient |
An actor external to the entity that receives personal data. External recipients are listed in the third parties repository. |
An impact assessment, also called Privacy Impact Assessment or PIA, allows you to build a processing activity that is compliant with the GDPR and that protects against privacy risks. It must be conducted if a processing activity is likely to result in a high risk to the rights and freedoms of data subjects. |
|
Inactive |
When a processing activity is inactive, it is not included in the record (see Active). An inactive processing activity cannot be edited. All the default processing activities provided in the GDPR software are initially inactive. |
Internal recipient |
A contact or a department authorized, through their duties, to receive data saved in a file or a processing activity. Internal recipients are listed in the contacts and departments repositories. |
Joint controller |
If two or more data controllers jointly determine the purposes and means for processing personal data, they are called joint controllers. |
Allows a user to perform a specific task, e.g. create processing activities, edit repositories, etc. Permissions are granted by assigning roles. |
|
Personal data breach |
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, processed personal data. |
See Impact Assessment. |
|
Privacy by design |
An approach designed to anticipate and prevent privacy-invasive events before they happen. With this approach, privacy protection is built into the system. |
Processing (or processing activity) |
Any of a wide range of operations performed on personal data, by either automated or manual means. Examples of processing are data collection, data modification, data extraction, etc. |
Processor |
An actor that processes personal data on behalf of a data controller. |
Project |
In the GDPR software, a project created according to the Privacy by design approach. |
Record |
Records must show why and how personal data is being processed. They allow regulators to verify that organizations are adhering to the GDPR. |
Repositories are used to record information on sites, departments, contacts, areas, third parties and software. The information can be easily retrieved and added to processing activities. |
|
A set of permissions. When you assign a role to a user, they receive all the permissions belonging to that role. The GDPR software is delivered with 6 preset roles. They can be used as is, or modified. |
|
Any real-world location involved in a data processing activity, e.g. the place where the data is collected and/or processed, the headquarters of the company processing the data, etc. A site can be an office, a production site, a retail outlet, etc. |
|
A computer program used to process personal data. |
|
SSO, or Single Sign-On, is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems. |
|
Subprocessor |
If a processor employs the services of another processor, the latter is called a subprocessor. |
An actor that is external to your entity and authorized to process personal data. |
|
User |
|
A person assigned to validate a processing activity and/or an impact assessment. |