List of terminology used, Lecture 1

List of terminology used

  1. Adequacy decision – a decision adopted by the European Commission, which establishes that a non-EU country ensures an adequate level of protection of personal data by reason of its domestic law or the international commitments it has entered into;
  2. Binding Corporate Rules – personal data protection policies which are complied with by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings;
  3. Supervisory Authority – an independent public authority which is established by a Member State;
  4. Lead Authority – the authority with the primary responsibility for dealing with a cross-border data processing activity;
  5. Data Controller – natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  6. Data Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.