Data Subject: Any individual about whom an organization holds personal information. In the IEEE context, the organization could be IEEE, Societies, Councils, and Technical Communities.
Personal Data: Any information relating to an identified or identifiable person (data subject). Examples include name, telephone number, email address, location data, IP address or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Data Subject Request: A formal request by an individual from the EU to avail themselves of their rights under GDPR. This would include obtaining copies of their data, requesting changes to it, restricting the processing of it, deleting it, or receiving it in an electronic format so it can be moved to another data controller.
Data Controller: Any entity that determines the purposes, conditions, and means of the processing of personal data. In many situations IEEE may be considered a Data Controller because of its collection and use of personal data.
Data Processor: Any entity that processes personal data on behalf of the controller. A data processor may be a person or third-party organization that the data controller chooses to use for specific purposes to process data.
IEEE Data User: As part of their responsibilities, IEEE volunteers, staff, and associated third parties acting on behalf of IEEE (referred to as "IEEE Data Users") may have the opportunity to obtain access, and/or process personal data of individuals who interact with IEEE.
Distinction between Data Controller, Data Processor, and IEEE Data User: Data Controllers are the entities that determine the purposes, conditions, and means of the processing of personal data, so they determine how data will be collected, stored, used, secured, and retained (so, for us, the IEEE is usually the Data Controller). Data Processors are third-party entities who process data on behalf of the Data Controllers (so, this would be our vendors and consultants who are contractually obligated to process our data). Data Users are the persons who act as agents of the Data Controller, so the employees and volunteers, who collect, process, use, secure, and retain the personal data as a part of the ongoing activities of the Data Controller.