| No. | Item | Definition |
|---|---|---|
| 1. | access | ability to view data |
| 2. | accountability | duty to demonstrate compliance |
| 3. | anonymization | removing identifiable elements permanently |
| 4. | assessment | evaluation of impact or risk |
| 5. | audit | formal review of practices |
| 6. | authentication | verifying identity |
| 7. | authorization | granting permitted access |
| 8. | availability | ensuring data is accessible |
| 9. | backup | copy kept for recovery |
| 10. | BCRs | internal cross-border privacy rules |
| 11. | breach | security incident exposing data |
| 12. | children’s data | personal data about minors |
| 13. | classification | grouping data by sensitivity |
| 14. | collection | gathering personal information |
| 15. | compliance | meeting legal requirements |
| 16. | confidentiality | keeping information secret |
| 17. | consent | permission for data use |
| 18. | contract | binding legal agreement |
| 19. | controller | entity deciding data purposes |
| 20. | damages | money for proven harm |
| 21. | data minimization | collect only necessary data |
| 22. | data subject | person the data concerns |
| 23. | destruction | securely disposing of data |
| 24. | device ID | identifier for a device |
| 25. | disclosure | sharing data with others |
| 26. | DPA | data processing agreement |
| 27. | DPIA | privacy impact assessment |
| 28. | employee data | personal data about workers |
| 29. | encryption | encoding data for protection |
| 30. | enforcement | official action to ensure compliance |
| 31. | erasure | deleting personal data |
| 32. | ethics | moral principles guiding decisions |
| 33. | exemption | legal exception to a rule |
| 34. | fairness | reasonable and non-deceptive treatment |
| 35. | fine | monetary penalty |
| 36. | geolocation | location information from devices |
| 37. | governance | oversight of data practices |
| 38. | hashing | one-way transformation of data |
| 39. | health data | information about medical status |
| 40. | identifier | data pointing to a person |
| 41. | incident | event affecting security or privacy |
| 42. | inference | conclusion drawn from data |
| 43. | integrity | keeping data accurate and whole |
| 44. | inventory | record of data assets |
| 45. | investigation | formal examination of an issue |
| 46. | IP address | network address linked to activity |
| 47. | jurisdiction | legal authority area |
| 48. | lawful basis | legal reason for processing |
| 49. | least privilege | minimum access needed |
| 50. | legitimate interest | business reason balanced with rights |
| 51. | liability | legal responsibility for harm |
| 52. | linkability | ability to connect records |
| 53. | logging | recording system events |
| 54. | mapping | documenting data flows |
| 55. | metadata | data describing other data |
| 56. | mitigation | reducing harm or risk |
| 57. | monitoring | ongoing observation of activity |
| 58. | necessity | required for a purpose |
| 59. | need-to-know | access only when necessary |
| 60. | notice | statement explaining data practices |
| 61. | notification | formal notice about an event |
| 62. | objection | challenge to certain processing |
| 63. | opt-in | active agreement to participate |
| 64. | opt-out | choice to refuse participation |
| 65. | oversight | supervision of compliance |
| 66. | personal data | information about an identifiable person |
| 67. | policy | formal rule or guideline |
| 68. | portability | moving data between services |
| 69. | privacy | control over personal information |
| 70. | processing | using or handling personal data |
| 71. | processor | entity processing for a controller |
| 72. | pseudonymization | replacing identifiers with substitutes |
| 73. | purpose limitation | use data only for stated purposes |
| 74. | re-identification | linking data back to identity |
| 75. | rectification | correction of inaccurate data |
| 76. | redaction | masking sensitive information |
| 77. | remediation | steps to fix a problem |
| 78. | remedy | way to correct harm |
| 79. | restriction | limited use of data |
| 80. | retention | how long data is kept |
| 81. | risk | chance of harm |
| 82. | safeguard | measure protecting data |
| 83. | SCCs | standard transfer contract terms |
| 84. | security | protection against unauthorized harm |
| 85. | sensitive data | data needing extra protection |
| 86. | sharing | providing data to others |
| 87. | storage | keeping data over time |
| 88. | subprocessor | processor hired by another processor |
| 89. | surveillance | close observation of people |
| 90. | telemetry | automatic usage data collection |
| 91. | third party | separate person or organization |
| 92. | tokenization | replacing sensitive data with tokens |
| 93. | tracking | following activity over time |
| 94. | transfer | moving data elsewhere |
| 95. | transparency | clear information about practices |
| 96. | trust | confidence in responsible handling |
| 97. | use | applying data for a purpose |
| 98. | vulnerability | weakness that can be exploited |
| 99. | whistleblowing | reporting wrongdoing internally or publicly |
| 100. | withdrawal | taking back consent |

