compliance - Concepts
Explore concepts tagged with "compliance"
Total concepts: 17
Concepts
- Inherent Risk - The level of risk present in an activity or process before any controls or mitigation measures are applied.
- Data Controller - The entity that determines the purposes and means of processing personal data, bearing primary responsibility for data protection compliance.
- Residual Risk - The level of risk that remains after risk mitigation controls and treatments have been applied.
- Data Minimization - The principle of collecting and retaining only the data that is necessary for a specific purpose.
- Personal Data - Any information relating to an identified or identifiable natural person, whether it identifies them directly (name, email address) or indirectly in combination with other data (device ID, location, online identifier).
- Data Retention Policy - A set of rules defining how long different types of data should be kept and when they should be deleted.
- Consent Management - The process of obtaining, recording, and respecting user permission for data collection and use.
- Pseudonymization - Replacing personal identifiers with artificial pseudonyms while maintaining the ability to re-identify when needed; the additional information required for re-identification (for example the key or lookup table) must be held separately and protected, and pseudonymized data is still personal data.
- Purpose Limitation - The principle that personal data should only be collected for specified, explicit purposes and not processed in ways incompatible with those purposes.
- Accountability Principle - The requirement that organizations not only comply with data protection rules but must also demonstrate their compliance through documentation and evidence.
- Right to Be Forgotten - The right to have personal data erased when it is no longer needed for its original purpose or consent is withdrawn, subject to exceptions such as a legal obligation to retain the data.
- Security Audit - A systematic evaluation of an organization's security posture against established standards and policies.
- Anonymization - Permanently removing or altering personal identifiers so individuals cannot be re-identified from the data, including by linking it with other available datasets; genuinely anonymized data falls outside the scope of data protection law, but an unkeyed hash of an identifier does not achieve this.
- Data Processor - An entity that processes personal data on behalf of and under the instructions of a data controller.
- Data Protection Impact Assessment - A systematic process to identify and minimize data protection risks of a project or system before it is implemented.
- GDPR - The European Union's General Data Protection Regulation, a comprehensive data protection law that sets strict rules for how organizations collect, store, and process personal data.
- Informed Consent - The process of obtaining permission from individuals based on clear understanding of what they are agreeing to and its implications.
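The difference between pseudonymization and anonymization above is the one most often got wrong in practice, so here is an added example (not part of the original concept list) that makes it concrete. The records, the hypothetical `pseudonymize`/`anonymize` helpers and the key handling are all assumptions constructed for illustration: a keyed HMAC pseudonym is stable and re-identifiable only by whoever holds the separately stored key and reverse map, an unkeyed hash of a low-entropy identifier such as an email address can be reversed by enumeration, and anonymization drops the direct identifier and generalizes the remaining fields so no reverse map exists at all.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; these are not real people.
RECORDS = [
    {"email": "alice@example.com", "zip": "90210", "purchase": 42.50},
    {"email": "bob@example.com", "zip": "10001", "purchase": 17.00},
    {"email": "alice@example.com", "zip": "90210", "purchase": 8.25},
]


def pseudonymize(records, key: bytes):
    """Replace the direct identifier with a keyed pseudonym.

    HMAC-SHA256 under a secret key gives a stable token (same email -> same
    token, so analytics still work) that cannot be recomputed without the key.
    The key and the reverse map are the 'additional information' that must be
    stored separately from the pseudonymized dataset (assumed split here).
    """
    reverse = {}
    out = []
    for r in records:
        token = hmac.new(key, r["email"].encode(), hashlib.sha256).hexdigest()[:16]
        reverse[token] = r["email"]
        out.append({"subject": token, "zip": r["zip"], "purchase": r["purchase"]})
    return out, reverse


def reidentify(token: str, reverse: dict):
    """Only the party holding the separately stored reverse map can do this."""
    return reverse.get(token)


def naive_hash(email: str) -> str:
    """Unkeyed hash: often mistaken for anonymization."""
    return hashlib.sha256(email.encode()).hexdigest()[:16]


def dictionary_attack(token: str, candidates):
    """An unkeyed hash of a guessable identifier is reversible by enumeration,
    so it is at best pseudonymization with the 'key' being public."""
    for c in candidates:
        if naive_hash(c) == token:
            return c
    return None


def anonymize(records):
    """Drop the direct identifier and generalize the quasi-identifier.

    No reverse map is produced. Note that whether this is truly anonymous
    depends on the whole dataset and on what external data could be linked;
    the generalization here (3-digit zip prefix) is illustrative only.
    """
    return [{"zip_prefix": r["zip"][:3], "purchase": r["purchase"]} for r in records]


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # would live in a separate key store
    pseudo, reverse = pseudonymize(RECORDS, key)
    print("pseudonymized:", pseudo)
    print("re-identified first row:", reidentify(pseudo[0]["subject"], reverse))
    print("naive hash reversed:",
          dictionary_attack(naive_hash("bob@example.com"), [r["email"] for r in RECORDS]))
    print("anonymized:", anonymize(RECORDS))
```

The point for a practitioner: if a dataset can be joined back to a person by anyone who holds some other artifact (a key, a lookup table, or simply a list of plausible inputs), it is pseudonymized and remains personal data; only when no such path exists, including via linkage with other data, does the anonymization definition apply.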