The rules on what companies can do with collected data are starting to change as more privacy laws are passed. It started with GDPR (General Data Protection Regulation) in the European Union, which brought heavy fines for anyone found using collected consumer data improperly. The regulation also brought a handful of acronyms that make the process seem even more mysterious. GDPR and laws like it don’t have to be hard to navigate once the terminology is cleared up. Understanding the terms of GDPR and other data privacy laws is the first step toward planning how to manage customer data.
Data Controller – A person or entity that determines how to use the data.
Personal Data or Data Subject – Any information relating to, or identifying, an actual person.
Processor – A person or entity that processes data on behalf of a Data Controller.
Customer Data – Data that you collect on customers during everyday activities.
DSR (Data Subject Request) – A request by a Data Subject to a Data Controller to take actions such as changing, restricting, or accessing the Customer Data you’ve collected on them.
Breach notification – This covers a breach of security that leads to the destruction, loss, or alteration of, or unauthorized access to, Customer Data that a Data Controller or Processor has transmitted, stored, or processed.
DPIA (Data Protection Impact Assessment) – An audit that Data Controllers are required to prepare when processing is ‘likely to result in high risk to the rights and freedoms of natural persons.’
The next set of terms is for DSRs, which we talked about above. We will take a deeper dive into what a DSR, or Data Subject Request, looks like as you perform the actions. This is a high-level view of the process; yours may vary based on what data you process and where it is moved or stored.
Data Subject Requests
Discover – Search your systems, using their built-in tools, for Personal Data of the individual who submitted the DSR. After discovery, whether or not you found any data, you can…