Adequacy decision – a decision adopted by the European Commission, which establishes that a non-EU country ensures an adequate level of protection of personal data by reason of its domestic law or the international commitments it has entered into;
Binding Corporate Rules – personal data protection policies which are complied with by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings;
Supervisory Authority – an independent public authority which is established by a Member State;
Lead Authority – the authority with the primary responsibility for dealing with a cross-border data processing activity;
Data Controller – natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
Data Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.