C&L October 2017_LR (5)
Feature
THE DATA PROTECTION LINGO
Data Subject: The individual (natural entity) whose data is being used by the data controller and data processors. The data protection regulations are meant to protect his/her rights.
Personal Data: Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person.
Data Controller: The entity that determines the purposes, conditions and means of the processing of personal data.
Data Processor: The entity that processes data, on behalf of the Data Controller by the definition of the EU GDPR, but also ‘independently’ by the definition in the private member bill introduced in the Indian Parliament.
Consent: The explicit permission given by the data subject to the controller to use his/her data for a purpose other than what it was collected for. Usually, it can be withdrawn at any time.
Data Erasure or Right to be Forgotten: The right of the data subject to have his/her personal data erased by requesting the data controller/processor/third parties associated with them.
Data Portability: Obligations on data controllers to provide the data subject with a copy of his or her data in a commonly used, machine readable format that can be transferred to another controller with ease.
Data Protection Authority: Regulators for ensuring data and privacy protection; the body may even be involved in making recommendations to make amendments to the data protection legislation.
Data Protection Officer: The executive within a data controller or processor accountable for ensuring that data privacy and the data protection regulations are complied with.
Privacy by Design: A principle that calls for the inclusion of data protection from the onset of the designing of systems, rather than as a later addition.
Pseudonymisation: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Right to be Forgotten: Also known as Data Erasure, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.
Right to Access: The right of the data subject to have access to and information about his/her personal data.
6 CIO&LEADER | October 2017