FAQ GDPR
Who does the GDPR affect?
The GDPR does not only apply to organisations located within the EU, but also to organisations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It does not matter where in the world a company is based - if it targets EU citizens, it must comply with the GDPR.
What is the difference between a data processor and a data controller?
A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity, which processes personal data on behalf of the controller.
What are common terms used in relation to GDPR?
- Data controller: the entity that determines the purposes, conditions and means of the processing of personal data
- Data Protection Impact Assessment: a tool used to identify and reduce the privacy risks of entities by analysing the personal data that are processed and the policies in place to protect the data
- Data processor: the entity that processes data on behalf of the data controller
- Data subject: a natural person whose personal data are processed by a controller or a processor
- Personal data breach: a breach of security leading to the accidental or unlawful access, destruction, misuse, etc. of personal data
- Personal data: any information related to a natural person that can be used to identify the person directly or indirectly
- Processing: any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.