Bulletin 7: Data Privacy Terms and Definitions
IEEE Technical Activities Bulletin #7
Topic: Data Privacy Terms and Definitions
Bulletin Type: Action
Audience: IEEE Volunteers and IEEE Staff
Version 2 - July 2021
If you feel like you have had to learn a completely new language because of the General Data Protection Regulation (GDPR) you are not alone. Here we break down many of the common terms and their meaning. Since these terms are ever evolving (and growing!) you can stay up-to-date with the “GDPR Dictionary” on the TAOPs website.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation on data protection and privacy for all individuals within the EU and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It came into effect on 25 May 2018. Other countries and even US states have implemented similar regulations. While you may see just the term “GDPR,” we have tried to adapt our guidance to meet the requirements of the broader set of regulations.
Data Subject: Any individual about whom an organization holds personal information. In the IEEE context, the organization could be IEEE, Societies, Councils, and Technical Communities.
Personal Data: Any information relating to an identified or identifiable person (Data Subject). Examples include name, telephone number, email address, location data, IP address or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Data Subject Request: A formal request by a Data Subject availing themselves of their rights under GDPR. This could include obtaining copies of their data, requesting changes to it, restricting the processing of it, deleting it, or receiving it in an electronic format so it can be moved to another data controller.
Data Controller: Any entity that determines the purposes, conditions, and means of the processing of Personal Data. In many situations, IEEE may be considered a Data Controller because of its collection and use of personal data.
Data Processor: Any entity that processes personal data on behalf of the Data Controller. A Data Processor may be a third-party that the Data Controller chooses to use for specific purposes to Process Data.
IEEE Data Access and Use Policy: As part of their responsibilities, IEEE volunteers and staff acting on behalf of IEEE (referred to as “IEEE Data Users”) may have the opportunity to collect, access, use and/or process personal data of individuals who interact with IEEE. This IEEE Data can be used to gain valuable business insights, make key business decisions on behalf of IEEE and advance the mission of IEEE. This Policy defines the processes, rules and procedures that IEEE Data Users must follow when collecting, accessing, using (including sharing, publishing, and emailing) managing, and processing IEEE Data.
How can I learn more?
Please share this information with additional volunteers, contractors, temporary employees, interns, and consultants as needed.
If you have questions or need assistance, please contact TA Answer Central.