Data Subject Rights
Expert-defined terms from the Professional Certificate in GDPR and AI Data Privacy Compliance course at London School of Planning and Management. Free to read, free to share, paired with a professional course.
Accountability is a key concept in data protection, referring to the resp…
This includes implementing data protection policies, training employees, and conducting regular audits to ensure the effective management of personal data. Related terms include data protection by design, data protection impact assessment, and data protection officer.
Artificial Intelligence (AI) refers to the development of computer system…
In the context of data protection, AI can be used to analyze and process large amounts of personal data, raising concerns about privacy and security. Related terms include machine learning, natural language processing, and deep learning.
Automated Decision-Making
Automated decision-making refers to the use of computer systems to make decisions about individuals without human intervention. This can include decisions about creditworthiness, employment, or healthcare. The GDPR provides individuals with the right to object to automated decision-making, and organizations must ensure that they have implemented appropriate safeguards to protect individuals' rights. Related terms include profiling, data mining, and predictive analytics.
Cloud Computing refers to the delivery of computing services over the …
In the context of data protection, cloud computing raises concerns about security and compliance, as organizations must ensure that their cloud service providers are compliant with data protection regulations. Related terms include data storage, data processing, and outsourcing.
Consent refers to the explicit agreement of an individual to the collecti…
The GDPR provides that consent must be informed, specific, and unambiguous, and that individuals have the right to withdraw their consent at any time. Related terms include opt-in, opt-out, and legitimate interest.
Data Breach refers to a security incident that results in the unauthor…
Organizations have a duty to report data breaches to the relevant authorities and to inform affected individuals, and may be subject to penalties for failing to do so. Related terms include data protection impact assessment, incident response, and notification.
Data Controller refers to an organization that determines the purposes an…
The GDPR provides that data controllers are responsible for ensuring the compliance of their data processing activities with data protection regulations, and that they must implement appropriate technical and organizational measures to protect personal data. Related terms include data processor, joint controller, and controller-processor agreement.
Data Erasure refers to the permanent deletion of personal data, ensuring…
The GDPR provides individuals with the right to request the erasure of their personal data, and organizations must comply with such requests unless they have a legitimate reason to retain the data. Related terms include right to be forgotten, data retention, and data destruction.
Data Minimization refers to the principle that organizations should only…
The GDPR provides that organizations must ensure that their data collection and processing activities are proportionate and necessary, and that they do not collect or process excessive amounts of personal data. Related terms include data quality, data accuracy, and data relevance.
Data Portability refers to the right of individuals to request that their…
The GDPR provides that individuals have the right to data portability, and that organizations must comply with such requests unless they have a legitimate reason to refuse. Related terms include data transfer, data migration, and data export.
Data Processor refers to an organization that processes personal data on…
The GDPR provides that data processors are responsible for implementing appropriate technical and organizational measures to protect personal data, and that they must comply with the instructions of the data controller. Related terms include data controller, joint controller, and controller-processor agreement.
Data Protection by Design refers to the principle that organizations shou…
The GDPR provides that organizations must implement data protection by design, and that they must conduct data protection impact assessments to identify and mitigate risks to personal data. Related terms include data protection impact assessment, privacy by design, and security by design.
Data Protection Impact Assessment (DPIA) refers to a process used to iden…
The GDPR provides that organizations must conduct DPIAs when their data processing activities are likely to result in a high risk to the rights and freedoms of individuals, and that they must consult with the relevant authorities and stakeholders. Related terms include data protection by design, privacy impact assessment, and risk assessment.
Data Protection Officer (DPO) refers to an individual who is responsible …
The GDPR provides that organizations must appoint a DPO if they are a public authority, or if their core activities involve the regular and systematic monitoring of individuals on a large scale. Related terms include data controller, data processor, and data protection by design.
Data Subject refers to an individual whose personal data is being collect…
The GDPR provides that data subjects have a range of rights, including the right to access, rectify, and erase their personal data, and that they must be informed about the processing of their personal data.
Data Subject Rights refer to the rights of individuals to control and pro…
The GDPR provides that data subjects have the right to access, rectify, and erase their personal data, and that they must be informed about the processing of their personal data. Related terms include right to access, right to rectification, and right to erasure.
Electronic Communication refers to any form of communication that is sent…
The GDPR provides that organizations must ensure that their electronic communication systems are secure and that they do not collect or process excessive amounts of personal data. Related terms include data protection by design, security by design, and privacy by design.
Encryption refers to the process of converting plain text into …
The GDPR provides that organizations must implement appropriate technical and organizational measures to protect personal data, including encryption. Related terms include pseudonymization, anonymization, and data protection by design.
Information Security refers to the practices and procedures used t…
The GDPR provides that organizations must implement appropriate technical and organizational measures to protect personal data, including information security measures.
Legitimate Interest refers to a lawful basis for processing personal data…
The GDPR provides that organizations must ensure that their legitimate interests do not override the interests or fundamental rights and freedoms of individuals. Related terms include consent, contractual necessity, and legal obligation.
Machine Learning refers to a type of artificial intelligence that involve…
In the context of data protection, machine learning can be used to analyze and process large amounts of personal data, raising concerns about privacy and security. Related terms include artificial intelligence, natural language processing, and deep learning.
Natural Language Processing (NLP) refers to a type of artificial intellig…
In the context of data protection, NLP can be used to analyze and process large amounts of personal data, raising concerns about privacy and security. Related terms include artificial intelligence, machine learning, and deep learning.
Privacy by Design refers to the principle that organizations should desig…
The GDPR provides that organizations must implement privacy by design, and that they must conduct data protection impact assessments to identify and mitigate risks to personal data. Related terms include data protection by design, security by design, and data protection impact assessment.
Profiling refers to the use of personal data to make predictions o…
The GDPR provides that organizations must ensure that their profiling activities are lawful and fair, and that they do not discriminate against individuals. Related terms include automated decision-making, data mining, and predictive analytics.
Pseudonymization refers to the process of replacing identifiable p…
The GDPR provides that organizations must implement appropriate technical and organizational measures to protect personal data, including pseudonymization. Related terms include anonymization, encryption, and data protection by design.
Right to Access refers to the right of individuals to access their person…
The GDPR provides that organizations must comply with requests for access, unless they have a legitimate reason to refuse. Related terms include right to rectification, right to erasure, and data subject rights.
Right to Erasure refers to the right of individuals to request the per…
The GDPR provides that organizations must comply with requests for erasure, unless they have a legitimate reason to retain the data. Related terms include right to access, right to rectification, and data subject rights.
Right to Object refers to the right of individuals to object to th…
The GDPR provides that organizations must comply with requests to object, unless they have a legitimate reason to continue processing the data.
Right to Rectification refers to the right of individuals to request the…
The GDPR provides that organizations must comply with requests for rectification, unless they have a legitimate reason to refuse. Related terms include right to access, right to erasure, and data subject rights.
Security by Design refers to the principle that organizations should desi…
The GDPR provides that organizations must implement security by design, and that they must conduct data protection impact assessments to identify and mitigate risks to personal data. Related terms include data protection by design, privacy by design, and data protection impact assessment.
Sensitive Personal Data refers to personal data that is particularly s…
The GDPR provides special protections for sensitive personal data, requiring organizations to obtain explicit consent before collecting or processing such data. Related terms include biometric data, genetic data, and personal data.
Supervisory Authority refers to an independent public authority that is r…
The GDPR provides that supervisory authorities must be independent and impartial, and that they must have the power to investigate and enforce data protection regulations. Related terms include data protection authority, national data protection authority, and European Data Protection Board.
Third Country refers to a country that is not a member of the European Un…
The GDPR provides that organizations must ensure that their transfers of personal data to third countries are lawful and secure, and that they must implement appropriate safeguards to protect personal data. Related terms include international data transfer, data export, and data import.
Transfer of Personal Data refers to the transfer of personal data from on…
The GDPR provides that organizations must ensure that their transfers of personal data are lawful and secure, and that they must implement appropriate safeguards to protect personal data. Related terms include data export, data import, and international data transfer.
User Consent refers to the explicit agreement of an individual to the col…
The GDPR provides that user consent must be informed, specific, and unambiguous, and that individuals have the right to withdraw their consent at any time.
Vendor Management refers to the process of managing and overseeing the …
The GDPR provides that organizations must ensure that their vendors are compliant with data protection regulations, and that they must implement appropriate safeguards to protect personal data. Related terms include third-party risk management, supply chain management, and outsourcing.