Skip to Main Content
Idaho State University

Glossary of Terms:

  • Data Controller – The original recipient of the data subject’s personal data. Has the power and responsibility to direct how the data is to be held and used.
  • Data Processor – Any entity that processes data on behalf of the data controller. Data controller and data processor may be the same entity.
  • Data Protection Officer – An employee or contractor of the data controller responsible for monitoring compliance with GDPR, advising on processing activities and data protection practices, and serving as the contact for supervisory authorities and the public regarding data protection.
  • Data Subject – Those whose personal data is being obtained and/or processed.
  • EU – 28 countries currently make up the European Union: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom (the UK has voted to leave the EU but is currently still a member).
  • Personal Data – Any data relating to an identified or identifiable person.
  • Personal Information – Data that is not Personal Sensitive Information created by or provided to a Data Controller or Data Processor including name, email address, ID number, user IDs, account numbers, photos, and electronic identifiers such as IP addresses or other online identifiers and device IDs,.
  • Personal Sensitive Information – Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Processing of personal sensitive data requires explicit informed consent of the data subject.
  • Processing – Any use of data for any purpose.