GDPR glossary

Any information relating to a natural person who can be identified, directly or indirectly.

Persons whose personal data are affected by a data processing operation. 

Any operation or set of operations which may or may not be performed upon personal data or sets of personal data by automated means. The collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data are data processing operations. CNIL definition.

Any form of automated processing of personal data which consists in using such data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict elements concerning the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person. CNIL definition.

Defines precisely which data are protected by the GDPR and which data processing operations are governed by the GDPR.

Defines precisely the territory (and the population attached to it) concerned by the GDPR.

An organisation may be responsible for all the data processing carried out in the course of its business, but it may also delegate some or all of it. When an organisation delegates some data processing to a processor, it still remains a controller.