PrivaBase (Beta)

GLOSSARY

Privacy & Compliance Glossary

Definitions for 30+ privacy and data protection terms you need to know.

A

Adequacy Decision

A determination by the European Commission that a country provides an adequate level of data protection for EU personal data transfers.

B

Binding Corporate Rules (BCRs)

Internal data protection policies approved by EU data protection authorities for intra-group international transfers.

C

CCPA (California Consumer Privacy Act)

California's landmark privacy law giving consumers rights over their personal information, including the right to know, to delete, and to opt out of data sales.

Consent

A lawful basis for processing personal data where the individual has given clear, informed, affirmative agreement.

Cookie Consent

The requirement to obtain user permission before setting non-essential cookies on their device.

Cross-Border Data Transfer

The transfer of personal data from one country or jurisdiction to another.

D

Data Breach

A security incident that leads to unauthorized access, disclosure, alteration, or destruction of personal data.

Data Controller

The entity that determines the purposes and means of processing personal data.

Data Mapping

The process of identifying and documenting what personal data an organization collects, where it is stored, and how it flows.

Data Portability

The right to receive personal data in a structured, machine-readable format and transfer it to another service.

Data Processor

An entity that processes personal data on behalf of the data controller.

Data Retention

Policies governing how long personal data is stored before being deleted or anonymized.

DPA (Data Processing Agreement)

A legally binding contract between a data controller and data processor that governs how personal data is processed.

DPIA (Data Protection Impact Assessment)

A systematic process to evaluate and minimize data protection risks of a project or processing activity.

DPO (Data Protection Officer)

A designated individual responsible for overseeing data protection strategy and compliance within an organization.

DSR (Data Subject Request)

A formal request from an individual exercising their privacy rights, such as access, deletion, or correction of personal data.

G

GDPR (General Data Protection Regulation)

The EU's comprehensive data privacy regulation that governs how organizations collect, process, and store personal data of EU residents.

H

HIPAA (Health Insurance Portability and Accountability Act)

US federal law that establishes standards for protecting sensitive patient health information (PHI).

L

Lawful Basis

A legal justification required under GDPR for processing personal data, such as consent, contract, or legitimate interest.

Legitimate Interest

A GDPR lawful basis for processing data when an organization has a genuine, justified reason for the processing that is not overridden by the interests or fundamental rights of the individual.

P

PHI (Protected Health Information)

Individually identifiable health information that is protected under HIPAA.

PII (Personally Identifiable Information)

Any information that can be used to identify a specific individual, such as name, email, SSN, or IP address.

Privacy by Design

An approach where privacy considerations are embedded into systems and processes from the design phase.

Privacy Impact Assessment (PIA)

A systematic assessment of a project to identify and reduce privacy risks.

Privacy Shield

A now-invalidated framework for EU-US data transfers, replaced by the EU-US Data Privacy Framework.

R

Records of Processing Activities (ROPA)

Documentation required by GDPR of all personal data processing activities within an organization.

Right to Access (Subject Access Request)

An individual's right to obtain a copy of their personal data and information about how it is processed.

Right to Erasure (Right to be Forgotten)

An individual's right under GDPR to request deletion of their personal data.

S

Special Category Data

Sensitive personal data under GDPR that receives additional protection, including health, biometric, racial, and religious data.

Standard Contractual Clauses (SCCs)

Pre-approved contractual terms for transferring personal data to countries outside the EEA.

Supervisory Authority (Data Protection Authority)

An independent public authority responsible for monitoring and enforcing data protection laws.

© 2026 Spoon Seller LLC. All rights reserved.