At Proxyclick, we're not fans of throwing around words nobody understands.
So we've compiled a list of key terminology defining the topic of GDPR and visitor management, listed in alphabetical order:
Consent — This is any freely given, specific, informed and unambiguous indication of the individual’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Consent as a legal basis can be withdrawn by the individual at any time. Therefore, it is often advisable to investigate whether other legal bases are possible.
Data Controller — The entity which alone, or jointly with others, determines the purposes and means of certain processing of personal data. It is the entity that determines why and how a certain set of personal data is processed.
Data Minimization — The act of only collecting personal data that is needed to achieve its intended purpose. Furthermore, such data should only be retained for as long as it serves said purposes.
Data Processing — Any operation performed on personal data, manually or automatically, from the collection of the data to its destruction. This includes collecting, storing, sharing, viewing, altering, using it for marketing purposes, payroll administration, etc. – until deletion.
Data Processing Agreement (DPA) — A special agreement that has to be signed between the controller and the processor and sets out the obligations the processor has towards the controller. This applies to agreements entered into between controllers and processors as of 25th of May, 2018, but it also applies to collaborations that were already in place before this date, in which case the current agreements ought to be reviewed and updated, typically via an addendum.
Data Processor — An individual or an entity which processes personal data on behalf of a controller.
Data Protection Officer (DPO) — The person in the company designated to advise on the obligations the controller or processor has under the GDPR and to monitor the level of compliance with the GDPR.
Data Subject – The person to whom a piece of personal data belongs. An individual who can be clearly identified from the data in question.
Legitimate interests — Legitimate interests can only be used as a legal basis for processing when they don’t override the interests or fundamental rights and freedoms of the individual whose personal data is processed. To see whose interest prevails, a balance of interests test will have to be performed.
Personal data — Any information relating to an identified or identifiable natural person, namely, the "Data Subject." If a set of data can be attributed to an individual, it is considered personal data, even when the data is used in a business environment.
Right to erasure (“right to be forgotten”) — An individual can require a controller to delete their personal data when the continued processing of that personal data is no longer justified.
For more clarification, and examples, you can download our GDPR white paper: Checking into data privacy