Find out more about GDPR
Here you can improve your vocabulary about GDPR and especially to better understand certain words or grey areas related to data protection
A process or set of rules followed by a computer in performing problem-solving operations.
Application data cache
An application data cache is a data repository on a device. It can, for example, enable a web application to run without an internet connection and improve the performance of the application by enabling faster loading of content.
Browser web storage
Browser web storage enables websites to store data in a browser on a device. When used in “local storage” mode, it enables data to be stored across sessions. This makes data retrievable even after a browser has been closed and reopened. One technology that facilitates web storage is HTML 5.
The collecting of personal data consists, as its name indicates, in the action of gathering personal information on one or more persons by any means whatsoever (handwritten form during a physical meeting, database retrieval…), whatever the purpose.
Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which the person, by way, of a statement or clear affirmative action, signifies agreement to the processing of their personal data.
A cookie is a small file stored by a website in a user’s terminal (computer, telephone, etc.) and associated with a web domain (i.e. in most cases with all the pages of a single website). This file is automatically sent back during subsequent contacts with the same domain. The aim is to identify the user.
A breach of security resulting in the destruction, loss, alteration, unauthorised disclosure or accidental or unlawful access of personal data.
A data controller is a natural or legal person, public authority, agency or other body, which determines the purposes and means of the processing of personal data: meaning the objective and the way it is carried out.
Data joint controller
There can be one controller as well as several. Indeed, an entity is designated as a joint controller if it and the main controller together determine the purposes and means of processing the same personal data.
Data management is a management subject that focuses on the value of data as a digital resource.
Data portability refers to the ability to move data from one application, program, computing environment, or cloud service to another.
Data Processing Agreement
A legally binding agreement in writing between the data controller and data processor that contains the mandatory terms for the processing set out in the GDPR. Often referred to as a DPA.
You are a processor if your company process personal data on behalf of and under the authority of a controller. Processors, like controllers, must comply with the GDPR. Like the controller, you can be held liable for non-compliance.
Data protection authorities
DPAs act as independent public authorities that supervise, investigate, and apply data protection laws within the EU. They’re responsible for handling complaints and interpreting EU law. Each EU member state has a separate data protection authority. In Sweden, it is YMI.
Data Protection Officer
A person responsible for managing GDPR compliance within the organisation. The DPO has an information, advisory and monitoring role.
A device is a computer that can be used to access Google services. For example, desktop computers, tablets, smart speakers, and smartphones are all considered devices.
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.
The GPDR compliance process should not be perceived as a technical or legal constraint. It is above all an opportunity to take stock of the use of digital services in the community and to ensure that the protection of personal data has been taken into account.
Swedish Authority for Privacy Protection – IMY’s role is to uphold the protection of personal data, monitoring that they are handled correctly and do not fall into the wrong hands.
“Opt in” option means obtaining the consent of the person to whom the advertisement is addressed: if he/she has not said “yes”, it is “no”. In this case, you are not allowed to send them advertising content.
“Opt-out” option is when the person receiving the advertisement has not objected: if they have not said “no”, it is “yes”. If this is the case, you have the green light to share your targeted ads.
Personal data / information
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.
Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.
Examples of personal data:
- a name and surname
- a home address
- an email address such as “email@example.com”
- an identification card number
- a location data (for example the location data function on a mobile phone)
- an Internet Protocol (IP) address
- a cookie ID
- the advertising identifier of your phone
- data held by a hospital or doctor, which could be a symbol that uniquely identifies a person.
Examples of data not considered personal data:
- a company registration number
- an email address such as “firstname.lastname@example.org”
- anonymised data
Personal Data breach
Personal Data breach : A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
Personal integrity is defined as having strong morals or values and following these principles in both word and deed.
A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking certain activity, such as views of a website or when an email is opened. Pixel tags are often used in combination with cookies.
A notice providing certain information to data subjects about the use of their personal data, as required by the GDPR.
Public data protection authorities (DPAs)
Public data protection authorities (DPAs) : DPAs are independent public authorities that supervise, through investigative and corrective powers, the application of the data protection law. They provide expert advice on data protection issues and handle complaints lodged against violations of the General Data Protection Regulation and the relevant national laws. There is one in each EU Member State.
Generally speaking, the main contact point for questions on data protection is the DPA in the EU Member State where your company/organisation is based. However, if your company/organisation processes data in different EU Member States or is part of a group of companies established in different EU Member States, that main contact point may be a DPA in another EU Member State.
Register of data processing
The register of processing activities allows you to identify the data you handle and to have an overview of what you do with personal data. This register is part of the steps to be in compliance with the GDPR. As an inventory and analysis document, it should reflect the reality of your personal data processing and allow you to identify precisely :
- The stakeholders (representative, subcontractors, co-contractors, etc.) who are involved in the processing of data,
- The categories of data processed,
- What the data is used for, who accesses the data and to whom it is communicated,
- How long you keep it,
- How it is secured.
GDPR supervisory authorities are public bodies responsible for enforcing compliance with the regulation within their respective countries. They are responsible for monitoring and enforcing the regulations, and have the power to conduct investigations, impose fines, and take other enforcement actions against organizations that violate the GDPR.
In each EU member state there is at least one supervisory authority, which is responsible for supervising the processing of personal data by controllers and processors established in their jurisdiction. They are also responsible for providing guidance and support to organizations operating within the jurisdiction on how to comply with the regulation.
Sensitive personal information
This is a particular category of personal information relating to topics such as confidential medical facts, racial or ethnic origins, political or religious beliefs, or sexuality.