Terms to Know

Personal Data and PII

Personal Data and Personally Identifiable Information (PII) consist of information that, on its own or combined with a limited amount of other data, can be used to identify a person, such as a name, home address, passport number, email address, and so forth.

Personal Data is a legal term defined by the GDPR while PII is commonly used in business.

Learn more about Personal Data and PII.

Data Subject

A data subject refers to any individual person who can be identified, directly or indirectly, via Personal Data or PII.

Data Controller

Businesses that collect Personal Data from their customers are referred to as data controllers in the context of GDPR. A Data Controller decides what to do with the data that’s been collected. If you run a website that uses any marketing or analytics services, you are a controller.

Processing

In the context of GDPR, processing means any operations (automated or not) that are performed on Personal Data, including (but not limited to):

  • collection and storage
  • consultation
  • adaptation or alteration
  • disclosure or dissemination
  • erasure or destruction

Data Processor

The GDPR draws a distinction between the data controller, which determines the purposes for which and the means by which Personal Data is processed, and those that are involved in its processing on behalf of the controller. The data processor is usually a third party external to the company.

Purpose

A purpose in this API is a high-level description of how Personal Data will be used by an organization. Examples of purposes include:

  • Customer relationship management
  • Payroll management
  • Maintenance of medical records
  • Creditworthiness assessment

DPOs may use keywords to search for storage retention rules for Personal Data based on the purpose for which it will be used.

Treatment Sheet

A treatment sheet is the document the DPO needs to fill out to declare all the “treatments” of the personal data a company is controlling. This document contains all the Personal Data the company collects on users and what the company has been doing with it. This document is at the center of the GDPR, because it contains much of the information about the personal data collected by the company, such as:

  • Where the data is stored
  • What security measures are being used to prevent data breaches
  • Why the company stores that data
  • The type of “contract” the company has to collect this particular data (e.g. consent)