GDPR Resource Center



Public Registry


EMEA Advisory Board

GDPR Glossary of Terms

  • Article 29 Working PartyThe Article 29 Working Party (referred to as “WP29”) is made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission. The composition and purpose of WP29 was set out in Article 29 of the Data Protection Directive, and it was launched in 1996. WP29’s mission is to provide expert advice to the EU Member States regarding data protection and promote the consistent application of the Data Protection Directive.
  • Data Protection Authority – National authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the Union
  • Data Protection Officer – An expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the GDPR
  • Data Controller – The entity that determines the purposes, conditions and means of the processing of personal data.
  • Data Processor – The entity that processes data on behalf of the Data Controller.
  • Data Subject – a natural person whose personal data is processed by a controller or processor
  • General Data Protection Regulation (GDPR)A regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union.
  • Privacy Level Agreement Code of Conduct – A document created by the Cloud Security Alliance Privacy Level Agreement (PLA) Working Group to provide guidance for legal compliance and the necessary transparency on the level of data protection offered by a Cloud Service Provider.
  • Right to be forgotten – also known as Data Erasure, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data
  • Security, Trust & Assurance Registry (STAR) – The CSA STAR is a program designed to provide transparency and assurance about the security and privacy posture of cloud services. STAR aims to support cloud customers and providers in making informed risk decision about their cloud implementations. The program is based on CSA best practices, which implementation is validated through different types of audits and assessment.
  • Supervisory Authority – A public authority which is established by a member state in accordance with Article 46

For more GDPR terms, visit http://www.eugdpr.org/glossary-of-terms.html.