There are a number of terms that you will here being used when discussing GDPR so we have created a list of some of the most common terms and what they mean:
Data Processor: Processes data at the instruction of the controller.
Data Controller: The collector of the data and person who makes decisions about the use of the data.
Consent: You may not use indecipherable terms and conditions filled with legalese. It must also be as easy to withdraw consent as it is to give consent.
Breach Notification: You must report the event of a data breach within 72 hours. This is not 72 business hours and the notification must be sent to data controllers and customers.
Right To Access: Customers have the right to obtain confirmation from data controllers of whether their data is being processed. An electronic copy of the data should be provided free of charge if requested.
Right to be Forgotten: If the data is no longer relevant to it’s original purpose customers can ask the data controller to erase their personal data. There are cases where this would not be practical, for example, in order to keep a product warranty valid for the full term of the warranty or if the data could be used as part of any investigation.
Privacy by Design: Data protection must be considered from the beginning of the design process for any new systems.
Data Protection Officers: DPOs must be appointed in public authorities or large organisations (>250 employees) that monitor or process personal data.
Subject Access Request: A subject access request is when an individual requests a copy of the information that is held on them. This must be able to be provided electronically within one month.
Data Protection Impact Assessment: A data protection impact assessment (DPIA) is an assessment that should be carried out to evaluate the risk to data protection on new technologies or systems that will be introduced. As part of the privacy by design requirement, data protection assessment must be carried out prior to a new technology or system being introduced.