DPA
A data processing agreement or addendum (DPA) is a contract between a data controller and a data processor, or between a data processor and a sub-processor. Its purpose is to set out each party's obligations so that the processing complies with the GDPR or other applicable privacy laws.
GDPR
The General Data Protection Regulation (GDPR) regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU.
Data Controller
The Data Controller is the entity that determines the means and purposes for processing of personal data.
In other words, the entity that processes personal data for its own purposes, or has others process the data on its behalf.
Data Processor
The Data Processor is the entity that processes personal data only on behalf of, and on the documented instructions of, the Controller.
Sub-Processor
The Sub-Processor is the entity that processes the data on behalf of the Data Processor – meaning, data that the Processor itself is processing on behalf of its Controller.
Legal Basis
The GDPR requires a valid legal basis for processing personal data. Article 6 provides six: consent, performance of a contract, compliance with a legal obligation, protection of vital interests, performance of a task in the public interest or exercise of official authority, and legitimate interests.
Consent
Consent means offering individuals real choice and control. It must be freely given, specific, informed and unambiguous.
Genuine consent should put individuals in charge.
CCPA
The California Consumer Privacy Act (CCPA) is a state privacy law that regulates how businesses, wherever they are located, may collect and handle the personal information (PI) of California residents.
Personal Data
Personal data (called personal information under the CCPA, and often loosely equated with PII) means any information relating to an identified or identifiable natural person, referred to in privacy terms as a "data subject".
Pseudonymization
Pseudonymization is the process of replacing direct identifiers in a dataset with placeholder values (tokens), while the information needed to re-identify a person (the key or mapping table) is kept separately under technical and organizational controls. Because re-identification remains possible, pseudonymized data is still personal data under the GDPR.
Anonymization
During anonymization, data is stripped of identifying information to the point that the individual can no longer be identified. Unlike pseudonymization, the process is irreversible, and data that is truly anonymized is no longer personal data under the GDPR.
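The difference between the two terms above is easier to see in code. The following is an added example, not part of the original page: it pseudonymizes a constructed set of customer records with a keyed HMAC token and a separately held lookup table (so re-identification stays possible for the key holder and impossible without it), shows why an unkeyed hash is not a pseudonym, and then anonymizes the same records by dropping identifiers and generalizing the quasi-identifiers. The record fields, sample values and function names are assumptions made for this example; it uses only the Python standard library.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed sample records; the people and values are made up for this example.
RECORDS: List[Dict] = [
    {"email": "alice@example.com", "name": "Alice Example", "age": 34,
     "postcode": "SW1A 1AA", "purchase": 42.10},
    {"email": "bob@example.com", "name": "Bob Example", "age": 58,
     "postcode": "M1 1AE", "purchase": 17.50},
    {"email": "alice@example.com", "name": "Alice Example", "age": 34,
     "postcode": "SW1A 1AA", "purchase": 9.99},
]

# Fields that identify a person on their own (assumed schema for the example).
DIRECT_IDENTIFIERS = ("email", "name")


def unkeyed_hash(email: str) -> str:
    """Plain SHA-256 of an address: what a naive 'anonymization' often does."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def crack_unkeyed(digest: str, candidates: List[str]) -> str:
    """Why an unkeyed hash is not a pseudonym: hash each candidate address and
    compare. Any list of known addresses recovers the original."""
    for email in candidates:
        if unkeyed_hash(email) == digest:
            return email
    return ""


def pseudonym(email: str, key: bytes) -> str:
    """Keyed token for one data subject. Without the key the dictionary attack
    in crack_unkeyed does not work; with the same key the token is stable, so
    records of the same person remain linkable."""
    return hmac.new(key, email.strip().lower().encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymize(records: List[Dict], key: bytes) -> Tuple[List[Dict], Dict[str, Dict]]:
    """Replace direct identifiers with a consistent token per subject.

    Returns the pseudonymized records and the re-identification table. The
    table and the key are the 'additional information' that must be stored
    separately from the dataset. The output is still personal data."""
    lookup: Dict[str, Dict] = {}
    out: List[Dict] = []
    for r in records:
        token = pseudonym(r["email"], key)
        lookup[token] = {k: r[k] for k in DIRECT_IDENTIFIERS}
        pseudo = {k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
        pseudo["subject_id"] = token
        out.append(pseudo)
    return out, lookup


def reidentify(pseudo_record: Dict, lookup: Dict[str, Dict]) -> Dict:
    """Reverse pseudonymization: only possible for whoever holds the lookup table."""
    return lookup[pseudo_record["subject_id"]]


def anonymize(records: List[Dict]) -> List[Dict]:
    """Drop direct identifiers and coarsen quasi-identifiers (age, postcode).

    No per-subject token is kept, so nothing in the output links a record back
    to a person. Irreversibility is the point; the cost is lost detail."""
    out = []
    for r in records:
        decade = (r["age"] // 10) * 10
        out.append({
            "age_band": f"{decade}-{decade + 9}",
            "area": r["postcode"].split()[0],  # outward code only
            "purchase": r["purchase"],
        })
    return out


if __name__ == "__main__":
    key = b"\x00" * 32  # demo value; a real key lives in a KMS or vault, not in code
    pseudo, table = pseudonymize(RECORDS, key)
    print("pseudonymized:", pseudo)
    print("re-identified first record:", reidentify(pseudo[0], table))
    print("anonymized:", anonymize(RECORDS))
```

The pseudonymized output is still personal data: the token is the same for both of Alice's purchases, so her records can be singled out and linked, and whoever holds the key and table can name her. The anonymized output removes that link entirely, at the cost of precision; on a real dataset you would also check that the remaining combination of age band, area and purchase is not so rare that it points at one person anyway.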
Data Breach
A personal data breach is an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.
This includes breaches that are the result of both accidental and deliberate causes.
Right to be deleted
Also known as the 'right to be forgotten' or the right to erasure. Individuals can make a request for erasure verbally or in writing, and a response must be given within one month.
Right to rectification
The right of individuals to have inaccurate personal data rectified, or completed if it is incomplete. A response to such a request must be given within one month.
Right to be informed
Individuals have the right to be informed about the collection and use of their personal data. Information must be provided at the time of collection.
The right of access
Individuals have the right to obtain a copy of their personal data, as well as other supplementary information.
The right to restrict processing
Individuals have the right to restrict the processing of their personal data in certain circumstances.
The right to data portability
This right allows individuals to obtain and reuse their personal data for their own purposes.
It allows them to move, copy or transfer personal data easily.
The right to object
Individuals have the right to object to the processing of their personal data in certain circumstances. You must tell individuals about their right to object.
The 7 key principles of GDPR
The GDPR sets out seven key principles:
Lawfulness, fairness and transparency, Purpose limitation, Data minimization, Accuracy, Storage limitation, Integrity and confidentiality and Accountability.
Legitimate Interest
Legitimate interests is one of the six lawful bases for processing personal data.
It is typically relied on where you use people's data in ways they would reasonably expect and with minimal privacy impact, or where there is a compelling justification for the processing that outweighs the individual's interests.
Privacy Policy
A Privacy Policy (sometimes called a 'Privacy Notice') is the information you give people about why you need their personal data, what you plan to do with it, how long you will keep it, and whether you will share it with anyone else.
Cookie Policy
A cookie policy lists every cookie and tracker in use on your website, with an explanation of each one, so that visitors can see how their personal data is processed when they visit your site.
Cookies
Cookies are small pieces of data that a website stores in your browser and that are sent back with later requests, which lets a site recognize the same browser across visits. Because a cookie can single out an individual, cookie identifiers are treated as personal data.
Lawfulness
Lawfulness means that you must rely on a legal basis (one out of six legal bases) for any kind of data processing.
Fairness
Fairness means that personal data must be processed in ways people would reasonably expect, and not used in ways that have unjustified adverse effects on them. This depends largely on how the data was obtained and what people were told at the time.
Transparency
Transparency means that data subjects should know the identity of controllers and the purposes of the processing via the Privacy Policy.
Purpose limitation
Personal data needs to be collected only for specified, explicit and legitimate purposes and it cannot be processed further in any way that is not compatible with those purposes.
Accuracy
The principle of accuracy means that personal data must be accurate and, where necessary, kept up to date, and that every reasonable step must be taken to erase or rectify inaccurate data without delay.
Storage Limitation
The principle of storage limitation means that organizations shouldn't keep personal data for longer than needed.
Integrity and confidentiality
The principle of integrity and confidentiality means that you must have appropriate security measures in place to protect the personal data you hold.
Privacy Champions
The role of the privacy champions is to promote the privacy program within their organization/department, to take part in the implementation of key policies and procedures, and to identify privacy issues and risks.
Accountability
The organization's responsibility for complying with privacy regulations and the ability to demonstrate such compliance.