Appendix D


A process that strips out any information that can identify a particular person, by means of encryption or another method. For data to be truly anonymized, the process must be irreversible. See also pseudonymization.
Part of the General Data Protection Regulation (GDPR) that outlines the legal requirements organizations must follow to achieve and maintain compliance.
Article 29 Working Party:
A guiding entity regarding data protection issues. The party ceased to formally exist when the GDPR came into effect, but its guidance is still relevant. It has been replaced by the European Data Protection Board. For simplicity, any guidance produced by the Article 29 Working Party is referred to in this book as being issued by the European Data Protection Board.
automated decision making:
The process of making a decision by automated means without any human involvement.
binding corporate rules:
Internal rules approved on an individual basis by supervisory authorities for data transfers within multinational organizations that allow such organizations to transfer personal data within the same group of companies to countries that do not provide an adequate level of protection without any further safeguards.
biometric data:
Personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person which allow or confirm the unique identification of that natural person, such ...

Get GDPR For Dummies now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.