In this Law, the following terms have the following meanings:
-
personal data:any information relating to an identified or identifiable natural
person who can be identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an online identifier
or to one or more factors specific to the physical, psychological, genetic, mental,
economic, cultural or social identity of that natural person;
-
sensitive personal data:information revealing a person’s race, health status,
criminal records, medical records, social origin, religious or philosophical beliefs,
political opinion, genetic or biometric information, sexual life or family details;
-
encryption:technical method used to render the content of data unreadable to any
person who is not authorised to access it;
-
processing of personal data:an operation or set of operations which is performed
on personal data or on sets of personal data, whether or not by automated means, such as
access to, obtaining, collection, recording, structuring, storage, adaptation or
alteration, retrieval, reconstruction, concealment, consultation, use, disclosure by
transmission, sharing, transfer, or otherwise making available, sale, restriction,
erasure or destruction;
-
register of data controllers and data processors:a system of records physical or
electronic of registered data controllers and data processors;
-
privacy:a fundamental right of a person to decide who can access his or her
personal data, when, where, why and how his or her personal data can be accessed;
-
significant consequences:effects that are as similarly significant in their
impact as legal effects and that adversely affect a data subject’s behaviour or choices;
-
legal consequences:effects that adversely affect a person’s legal status or
his/her legal rights;
-
tokenisation:the process of replacing sensitive data with unique identification
symbols that retain all the essential information about the data without compromising
its security;
- vital interests:interests linked to life or death of data subject;
-
profiling:form of automated processing of personal data consisting of the use of
personal data to evaluate certain personal aspects relating to a natural person, in
particular to analyse and predict aspects concerning that natural person’s performance
at work, economic situation, health, personal preferences, interests, reliability,
behaviour, location or movements;
-
personal data logging:the process of recording personal data processing
activities over a period of time for the purpose of event monitoring and auditing in an
automated processing system;
-
personal data breach:a breach of personal data security leading to unlawful
destruction, loss, alteration, unauthorised disclosure of, or access to, personal data
transmitted, stored or otherwise processed;
-
pseudonymisation:the processing of personal data in such a manner that the data
can no longer be attributed to a specific data subject without the use of additional
information kept separately;
-
data subject:a natural person from whom or in respect of whom, personal data has
been requested and processed;
-
recipient:a natural person, a public or private corporate body or legal entity to
which the personal data are disclosed;
-
user:a natural person, a public or private corporate body or a legal entity, who
uses or who requests personal data processing service;
-
consent of the data subject:freely given, specific, informed and unambiguous
indication of the data subject’s wishes by which he or she, by an oral, written or
electronic statement or by a clear affirmative action, signifies agreement to the
processing of personal data relating to him or her;
-
data controller:natural person, public or private corporate body or legal entity
which, alone or jointly with others, processes personal data and determines the means of
their processing;
-
person:natural person, corporate body or legal entity;
-
third party:natural person, corporate body or legal entity other than the data
subject, the data controller, the data processor and persons who, under the authority of
the data controller, are authorised to process personal data;
-
competent authority:sectoral authority responsible for overseeing sector-specific
compliance in conjunction with the supervisory authority;
-
supervisory authority:a public authority in charge of cyber security;
-
data processor:public or private corporate body or legal entity, which is
authorised to process personal data on behalf of the data controller.