Lawful Basis For Processing
Expert-defined terms from the Professional Certificate in GDPR and AI Data Privacy Compliance course at London School of Planning and Management.
Accountability in GDPR refers to the responsibility of organizations to d…
This concept is closely related to transparency and accountability principles, which require organizations to be open and honest about their data processing activities. In the context of the Professional Certificate in GDPR and AI Data Privacy Compliance, accountability is crucial as it ensures that organizations are taking necessary measures to protect personal data and respect individuals' rights.
Artificial Intelligence (AI) is a key concept in the Professional Certificate in…
AI can be used for various purposes, such as predictive analytics and decision-making, but it also raises concerns about bias and discrimination. To address these concerns, organizations must ensure that their AI systems are designed and implemented in a way that is fair and transparent.
Automation in the context of GDPR refers to the use of technology to a…
Automation can help organizations to streamline their processes and improve efficiency, but it also raises concerns about job displacement and lack of human oversight. To address these concerns, organizations must ensure that their automated systems are designed and implemented in a way that is secure and transparent.
Biometric Data is a type of sensitive personal data that is protected und…
Biometric data includes fingerprints, facial recognition data, and iris scans, among other things. The processing of biometric data is subject to strict rules and requirements, including the need for explicit consent and special safeguards to protect the data.
Certification in the context of GDPR refers to the process of obtaining a…
Certification can be obtained through independent audits and assessments, and it can help organizations to demonstrate their commitment to data protection and compliance.
Cloud Computing is a model of delivering computing services over t…
Cloud computing raises concerns about data protection and security, as personal data may be transferred and stored in different locations. To address these concerns, organizations must ensure that their cloud computing services are designed and implemented in a way that is secure and compliant with the GDPR.
Consent is a key concept in the GDPR, as it refers to the permission that…
Consent must be informed, specific, and unambiguous, and it can be withdrawn at any time. In the context of the Professional Certificate in GDPR and AI Data Privacy Compliance, consent is crucial as it ensures that individuals are in control of their personal data and that organizations are accountable for their actions.
Data Controller is an organization that determines the purposes an…
Data controllers are responsible for ensuring that personal data is processed in a way that is compliant with the GDPR, and they must appoint a data protection officer to oversee their data processing activities.
Data Protection by Design is a principle in the GDPR that requires organi…
This principle is closely related to data protection by default, which requires organizations to implement technical and organizational measures to protect personal data.
Data Protection Impact Assessment (DPIA) is a tool that organizations can…
A DPIA is required when high-risk processing activities are involved, such as large-scale processing of sensitive personal data.
Data Protection Officer (DPO) is an individual who is appointed by…
The DPO is responsible for monitoring data processing activities, providing advice to the organization, and cooperating with supervisory authorities.
Data Subject is an individual whose personal data is being proc…
Data subjects have rights under the GDPR, including the right to access their personal data, the right to rectification, and the right to erasure.
Encryption is a technique that is used to protect personal data by…
Encryption is a security measure that can help organizations to protect personal data against unauthorized access and data breaches.
GDPR is the General Data Protection Regulation, which is a regulation in…
The GDPR applies to all organizations that process personal data of individuals in the European Union, regardless of their location.
Lawful Basis for Processing is a concept in the GDPR that refers to the …
There are six lawful bases for processing, including consent, contract, legal obligation, vital interests, public interest, and legitimate interests. Organizations must identify a lawful basis for processing before they can process personal data.
Legitimate Interests is a lawful basis for processing personal data, whic…
However, this lawful basis is subject to conditions and limitations, including the need to respect the rights and freedoms of individuals.
Personal Data is any information that relates to an identified…
Personal data can include names, addresses, phone numbers, and email addresses, among other things. The GDPR protects personal data and requires organizations to process it in a way that is compliant with the regulation.
Processing is a concept in the GDPR that refers to any operation o…
Organizations must process personal data in a way that is compliant with the GDPR.
Profiling is a form of automated processing of personal data, whic…
Profiling is subject to rules and regulations under the GDPR, including the need for transparency and fairness.
Pseudonymization is a technique that is used to protect personal d…
Pseudonymization is a security measure that can help organizations to protect personal data against unauthorized access and data breaches.
Security is a key concept in the GDPR, as it refers to the measures…
Organizations must implement technical and organizational measures to ensure the security of personal data.
Sensitive Personal Data is a type of personal data that is particularl…
Sensitive personal data includes racial or ethnic origin, political opinions, religious beliefs, and health data, among other things. The processing of sensitive personal data is subject to strict rules and requirements, including the need for explicit consent and special safeguards to protect the data.
Supervisory Authority is an independent authority that is responsible…
Supervisory authorities have powers to investigate data breaches, impose fines, and order organizations to comply with the GDPR.
Transfer of Personal Data is a concept in the GDPR that refers to the …
The transfer of personal data is subject to rules and regulations under the GDPR, including the need for adequate safeguards to protect the data.
Vendor is a third-party organization that provides goods or services to another organization. Vendors may have access to personal data, and organizations must ensure that their vendors are compliant with the GDPR.
Data Breach is a security incident in which personal data is ac…
Data breaches can have serious consequences for individuals and organizations, including identity theft and financial loss. Organizations must have procedures in place to detect and respond to data breaches.
Data Erasure is the destruction or deletion of personal data, whic…
Organizations must erase personal data when it is no longer needed or when an individual requests it.
Data Portability is the right of individuals to transfer their per…
Data portability is a key concept in the GDPR, as it allows individuals to control their personal data and to switch between different service providers.
Data Protection by Default is a principle in the GDPR that requires organ…
This principle is closely related to data protection by design, which requires organizations to design their data processing systems and processes in a way that is secure and compliant with the GDPR.
Data Subject Access Request (DSAR) is a request made by an individual to…
Organizations must respond to DSARs within a reasonable timeframe and provide individuals with access to their personal data.
GDPR Compliance is the process of ensuring that an organization is com…
GDPR compliance involves implementing technical and organizational measures to protect personal data, training employees, and conducting regular audits and assessments.
GDPR Training is the process of educating employees about the GDPR and it…
GDPR training is essential for ensuring that employees understand their roles and responsibilities in protecting personal data and complying with the GDPR.
Information Security is the practice of protecting information fro…
Information security is a key concept in the GDPR, as it requires organizations to implement technical and organizational measures to protect personal data.
International Data Transfers are transfers of personal data from one c…
International data transfers are subject to rules and regulations under the GDPR, including the need for adequate safeguards to protect the data.
Lawful Processing is the processing of personal data in accordance with t…
Lawful processing requires organizations to identify a lawful basis for processing before they can process personal data.
Personal Data Breach is a breach of security that leads to the acciden…
Personal data breaches can have serious consequences for individuals and organizations, including identity theft and financial loss.
Privacy by Design is a principle in the GDPR that requires organizations…
Privacy by Design is a principle in the GDPR that requires organizations to design their data processing systems and processes in a way that is private and compliant with the GDPR.
Risk Assessment is the process of identifying and evaluating the …
Risk assessments are essential for ensuring that organizations are aware of the risks associated with their data processing activities and can take steps to mitigate them.
Security Measures are the measures that organizations must take to pro…
Security measures include technical and organizational measures, such as encryption, firewalls, and access controls.
Sensitive Data is a type of personal data that is particularly sensiti…
Sensitive data includes racial or ethnic origin, political opinions, religious beliefs, and health data, among other things. The processing of sensitive data is subject to strict rules and requirements, including the need for explicit consent and special safeguards to protect the data.
Third-Party Vendor is a third-party organization that provides goods or services to another organization. Third-party vendors may have access to personal data, and organizations must ensure that their vendors are compliant with the GDPR.
Data Minimization is the principle of processing only the minimum amou…
Data minimization is a key concept in the GDPR, as it requires organizations to limit their data collection and processing activities to what is necessary and proportionate.
Data Quality is the principle of ensuring that personal data is accura…
Data quality is a key concept in the GDPR, as it requires organizations to take steps to ensure that personal data is reliable and trustworthy.
Data Retention is the principle of retaining personal data for no long…
Data retention is a key concept in the GDPR, as it requires organizations to establish retention periods for personal data and to erase personal data when it is no longer needed.
Data Storage is the principle of storing personal data in a secure …
Data storage is a key concept in the GDPR, as it requires organizations to implement technical and organizational measures to protect personal data against unauthorized access and data breaches.
Data Transfer is the transfer of personal data from one organization…
Data transfer is a key concept in the GDPR, as it requires organizations to implement technical and organizational measures to protect personal data during transfer.
GDPR Audit is the process of evaluating an organization's compliance…
GDPR audits are essential for ensuring that organizations are aware of their compliance status and can take steps to address any gaps or deficiencies.
GDPR Compliance Framework is the framework that organizations use to a…
The GDPR compliance framework includes technical and organizational measures, such as policies, procedures, and training.
GDPR Gap Analysis is the process of identifying the gaps between a…
GDPR gap analysis is essential for ensuring that organizations are aware of their compliance status and can take steps to address any gaps or deficiencies.
GDPR Implementation is the process of implementing the GDPR requirements…
GDPR implementation involves technical and organizational measures, such as policies, procedures, and training.
GDPR Risk Assessment is the process of identifying and evaluating …
GDPR risk assessment is essential for ensuring that organizations are aware of the risks associated with their data processing activities and can take steps to mitigate them.
GDPR Training and Awareness is the process of educating employees about t…
GDPR training and awareness is essential for ensuring that employees understand their roles and responsibilities in protecting personal data and complying with the GDPR.
International Data Transfer Agreement is the agreement that organizations…
International data transfer agreements are essential for ensuring that personal data is protected during transfer and that the rights of individuals are respected.
Lawful Basis for Processing is the legal ground on which an organization…
Lawful Basis for Processing is the legal ground on which an organization can process personal data.
Personal Data Protection is the process of protecting personal data again…
Personal data protection is a key concept in the GDPR, as it requires organizations to implement technical and organizational measures to protect personal data.
Privacy Impact Assessment is the process of evaluating the impact …
Privacy impact assessments are essential for ensuring that organizations are aware of the privacy risks associated with their data processing activities and can take steps to mitigate them.
Security Measures for Personal Data are the measures that organizations m…
Security measures for personal data include technical and organizational measures, such as encryption, firewalls, and access controls.
Third-Party Data Processor is a third-party organization that processes personal data on behalf of another organization. Third-party data processors must comply with the GDPR and implement technical and organizational measures to protect personal data.
Data Subject Rights are the rights that individuals have under the GDPR,…
Data subject rights are essential for ensuring that individuals are in control of their personal data and that organizations are accountable for their actions.
GDPR Compliance Checklist is the checklist that organizations use to e…
GDPR compliance checklists are essential for ensuring that organizations are aware of their compliance status and can take steps to address any gaps or deficiencies.
GDPR Data Protection Impact Assessment is the assessment that organizatio…
GDPR data protection impact assessments are essential for ensuring that organizations are aware of the risks associated with their data processing activities and can take steps to mitigate them.
GDPR Data Subject Access Request is the request that individuals make to…
GDPR data subject access requests are essential for ensuring that individuals are in control of their personal data and that organizations are accountable for their actions.
GDPR Personal Data Breach Notification is the notification that organizat…
GDPR personal data breach notifications are essential for ensuring that organizations are transparent and accountable for their actions.
GDPR Principles are the principles that organizations must follow when …
GDPR principles are essential for ensuring that organizations are accountable for their actions and that individuals are protected from harm.
GDPR Risk Management is the process of identifying and evaluating …
GDPR risk management is essential for ensuring that organizations are aware of the risks associated with their data processing activities and can take steps to mitigate them.
GDPR Security Measures are the measures that organizations must take to …
GDPR security measures include technical and organizational measures, such as encryption, firewalls, and access controls.
GDPR Training for Employees is the training that organizations provide to…
GDPR training for employees is essential for ensuring that employees understand their roles and responsibilities in protecting personal data and complying with the GDPR.
Data Protection by Design and Default is the principle of designing and i…
Data protection by design and default is essential for ensuring that organizations are accountable for their actions and that individuals are protected from harm.
GDPR and AI is the relationship between the GDPR and artificial intell…
The GDPR applies to the processing of personal data by artificial intelligence systems, and organizations must ensure that their AI systems are designed and implemented in a way that is compliant with the GDPR.
GDPR and Data Protection is the relationship between the GDPR and data…
The GDPR is a regulation that protects the rights of individuals with regard to the processing of their personal data, and organizations must ensure that they are compliant with the GDPR when processing personal data.
GDPR and Personal Data is the relationship between the GDPR and person…
The GDPR applies to the processing of personal data, and organizations must ensure that they are compliant with the GDPR when processing personal data.
GDPR and Security is the relationship between the GDPR and security…
The GDPR requires organizations to implement technical and organizational measures to protect personal data against unauthorized access, use, disclosure, disruption, modification, or destruction.
GDPR and Third-Party Vendors is the relationship between the GDPR and third-party vendors. Organizations must ensure that their third-party vendors are compliant with the GDPR when processing personal data on their behalf.
GDPR Compliance for Small and Medium-Sized Enterprises is the process of ensuring that small and medium-sized enterprises are compliant with the GDPR. GDPR compliance for small and medium-sized enterprises involves technical and organizational measures, such as policies, procedures, and training.
GDPR Compliance for Large Enterprises is the process of ensuring that lar…
GDPR compliance for large enterprises involves technical and organizational measures, such as policies, procedures, and training.
GDPR Data Protection Officer is the individual who is appointed by…
The GDPR data protection officer is responsible for monitoring data processing activities, providing advice to the organization, and cooperating with supervisory authorities.
GDPR Personal Data is the type of data that is protected by…
GDPR personal data includes names, addresses, phone numbers, and email addresses, among other things.
GDPR Principles for Processing Personal Data are the principles that orga…
GDPR principles for processing personal data are essential for ensuring that organizations are accountable for their actions and that individuals are protected from harm.
GDPR Risk Assessment and Mitigation is the process of identifying and …
GDPR Risk Assessment and Mitigation is the process of identifying and evaluating the risks associated with processing personal data, and taking steps to mitigate those risks.