compliance - Concepts
Explore concepts tagged with "compliance"
Total concepts: 19
Concepts
- Pseudonymization - Replacing personal identifiers with artificial pseudonyms while maintaining the ability to re-identify when needed.
- AI Context Governance - Policies and practices for managing who can create, modify, and distribute AI context.
- Consent Management - The process of obtaining, recording, and respecting user permission for data collection and use.
- Residual Risk - The level of risk that remains after risk mitigation controls and treatments have been applied.
- Personal Data - Any information that can identify or be used to identify an individual person.
- Anonymization - Permanently removing or altering personal identifiers so individuals cannot be re-identified from the data.
- Purpose Limitation - The principle that personal data should only be collected for specified, explicit purposes and not processed in ways incompatible with those purposes.
- Data Processor - An entity that processes personal data on behalf of and under the instructions of a data controller.
- Data Controller - The entity that determines the purposes and means of processing personal data, bearing primary responsibility for data protection compliance.
- Right to Be Forgotten - The right to have personal data erased when it's no longer needed or consent is withdrawn.
- Data Protection Impact Assessment - A systematic process to identify and minimize data protection risks of a project or system before it is implemented.
- Inherent Risk - The level of risk present in an activity or process before any controls or mitigation measures are applied.
- Data Minimization - The principle of collecting and retaining only the data that is necessary for a specific purpose.
- Informed Consent - The process of obtaining permission from individuals based on clear understanding of what they are agreeing to and its implications.
- Shadow AI - Unauthorized or unmonitored use of AI tools by employees outside IT governance, the AI equivalent of Shadow IT but faster-moving and harder to detect.
- GDPR - The European Union's comprehensive data protection regulation that sets strict rules for how organizations collect, store, and process personal data.
- Accountability Principle - The requirement that organizations not only comply with data protection rules but must also demonstrate their compliance through documentation and evidence.
- Data Retention Policy - A set of rules defining how long different types of data should be kept and when they should be deleted.
- Security Audit - A systematic evaluation of an organization's security posture against established standards and policies.