Who does the GDPR affect?
The GDPR does not only apply to organizations located within the EU, but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What is the difference between a data processor and a data controller?
A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity, which processes personal data on behalf of the controller.
What are the common terms and definitions used in relation to the GDPR?
- Data controller: the entity that determines the purposes, conditions and means of the processing of personal data
- Data Protection Impact Assessment: a tool used to identify and reduce the privacy risks of entities by analyzing the personal data that are processed and the policies in place to protect the data
- Data processor: the entity that processes data on behalf of the data controller
- Data subject: a natural person whose personal data are processed by a controller or a processor
- Personal data breach: a breach of security leading to the accidental or unlawful access, destruction, misuse, etc. of personal data
- Personal data: any information related to a natural person that can be used to identify the person directly or indirectly
- Processing: any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.