Privacy Glossary
Key privacy and compliance terms explained — from DSAR to pseudonymisation.
25 terms defined
Consent Manager
A platform or system used to capture, record, version, and manage individuals' consent for data processing activities.
Cross-Border Transfer
The transfer of personal data from one country to another, subject to restrictions under data protection laws.
Data Breach
A security incident in which personal data is accessed, disclosed, altered, or destroyed without authorisation.
Data Controller
An entity that determines the purposes and means of processing personal data.
Data Fiduciary
The Indian equivalent of a Data Controller under the DPDP Act — an entity that determines the purposes and means of processing personal data.
Data Minimisation
The principle that only personal data that is adequate, relevant, and limited to what is necessary should be collected and processed.
Data Principal
The individual to whom personal data relates, as defined under India's DPDP Act (equivalent to 'data subject' under GDPR).
Data Processor
An entity that processes personal data on behalf of and under the instructions of a Data Controller.
Data Subject
An identified or identifiable natural person whose personal data is being processed.
DPIA
Data Protection Impact Assessment — a systematic process to identify and minimise privacy risks in new processing activities.
DSAR
Data Subject Access Request — a formal request from an individual to access the personal data an organisation holds about them.
Lawful Basis
A legal justification under GDPR for processing personal data — one of six bases must apply before processing can begin.
Legitimate Interest
A lawful basis under GDPR for processing personal data when a controller has a genuine, proportionate interest that is not overridden by the data subject's rights.
Personal Data
Any information that relates to an identified or identifiable natural person.
Privacy by Design
An approach that embeds privacy protections into the design and architecture of systems and processes from the outset.
Privacy Impact Assessment
A process to systematically identify and address privacy risks in a project, system, or business process.
Pseudonymisation
The process of replacing directly identifying data with pseudonyms, so the data can no longer be attributed to a specific individual without additional information.
Right to Access
A data subject's right to obtain confirmation of whether their personal data is being processed and to receive a copy of it.
Right to Erasure
An individual's right to have their personal data deleted ('right to be forgotten') in certain circumstances.
Right to Data Portability
A data subject's right to receive their personal data in a structured, machine-readable format and to transfer it to another controller.
RoPA
Record of Processing Activities — a mandatory inventory of all personal data processing activities under GDPR Article 30.
Sensitive Personal Data
Categories of personal data that warrant heightened protection due to the elevated risk of harm if misused.
Standard Contractual Clauses
Pre-approved contract clauses issued by the European Commission for lawfully transferring personal data outside the EEA.
Sub-Processor
A third party engaged by a Data Processor to carry out processing activities on behalf of the Data Controller.