Key Terms for General Data Protection Regulation2 min read


Everyone is talking about the General Data Protection Regulation and how it will affect their organisation and their customers. Many companies, including CyNation, offer various solutions to compliance with the EU GDPR. But we at CyNation believe that the road to developing a good security posture in the organisations starts with awareness and that means understanding the terms being thrown around.

  • Personal data means any information relating to an identifiable person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by identifiers such as a name, an identification number, location data, an email or specific physical, physiological, genetic, mental, economic, cultural or social identity of that person.
  • Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Controller means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller may be defined by Union or Member State law. (the user gives their email address to an online retailer who is collecting the data for marketing purposes – the online retailer is the controller)
  • Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. (i.e. The retailer above ask another organisation to analyse the customer data by monitoring their preferences behaviour- this other organisation is the processor)
  • Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  • Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. (i.e. Using pseudonyms to replace peoples real names)
  • Profiling means any form of automated processing of personal data to analyse aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. ( i.e. Using personal data to determine who is most likely to buy products or services of the organisations, or
  • Cross-border processing means either:

(a) processing of personal data which takes place in more than one Member State

(b) processing of personal data which substantially affects or is likely to substantially affect data subjects in more than one Member State.

 Want To Know More?

United Kingdom

+44 020 3190 5000

The Rain Cloud Victoria
76 Vincent Square
London, SW1P 2PD


The Hague Security Delta
Wilhelmina van Pruisenweg 104
2595 AN Den Haag

Newsletter Signup

%d bloggers like this: