GLOSSARY

Privacy & Compliance Glossary

Definitions for 30+ privacy and data protection terms you need to know.

A

Adequacy Decision

A determination by the European Commission that a country provides an adequate level of data protection for EU personal data transfers.

B

Binding Corporate Rules (BCRs)

Internal data protection policies approved by EU data protection authorities for intra-group international transfers.

C

CCPA (California Consumer Privacy Act)

California's landmark privacy law giving consumers rights over their personal information, including the right to know, delete, and opt-out of data sales.

Consent

A lawful basis for processing personal data where the individual has given clear, informed, affirmative agreement.

Cookie Consent

The requirement to obtain user permission before setting non-essential cookies on their device.

Cross-Border Data Transfer

The transfer of personal data from one country or jurisdiction to another.

D

Data Breach

A security incident that leads to unauthorized access, disclosure, alteration, or destruction of personal data.

Data Controller

The entity that determines the purposes and means of processing personal data.

Data Mapping

The process of identifying and documenting what personal data an organization collects, where it is stored, and how it flows.

Data Portability

The right to receive personal data in a structured, machine-readable format and transfer it to another service.

Data Processor

An entity that processes personal data on behalf of the data controller.

Data Retention

Policies governing how long personal data is stored before being deleted or anonymized.

DPA (Data Processing Agreement)

A legally binding contract between a data controller and data processor that governs how personal data is processed.

DPIA (Data Protection Impact Assessment)

A systematic process to evaluate and minimize data protection risks of a project or processing activity.

DPO (Data Protection Officer)

A designated individual responsible for overseeing data protection strategy and compliance within an organization.

DSR (Data Subject Request)

A formal request from an individual exercising their privacy rights, such as access, deletion, or correction of personal data.

G

GDPR (General Data Protection Regulation)

The EU's comprehensive data privacy regulation that governs how organizations collect, process, and store personal data of EU residents.

H

HIPAA (Health Insurance Portability and Accountability Act)

US federal law that establishes standards for protecting sensitive patient health information (PHI).

L

Lawful Basis

A legal justification required under GDPR for processing personal data, such as consent, contract, or legitimate interest.

Legitimate Interest

A GDPR lawful basis for processing data when an organization has a genuine, justified reason that does not override individual rights.

P

PHI (Protected Health Information)

Individually identifiable health information that is protected under HIPAA.

PII (Personally Identifiable Information)

Any information that can be used to identify a specific individual, such as name, email, SSN, or IP address.

Privacy by Design

An approach where privacy considerations are embedded into systems and processes from the design phase.

Privacy Impact Assessment (PIA)

A systematic assessment of a project to identify and reduce privacy risks.

Privacy Shield

A now-invalidated framework for EU-US data transfers, replaced by the EU-US Data Privacy Framework.

Need Help With Privacy Compliance?

PrivaBase automates compliance across 135+ frameworks. Start free.

Start Free