Unit 2: Fundamentals of Data Privacy

Data Privacy: the concept of protecting personal data and ensuring that it is used in a way that respects the rights and expectations of individuals. This includes things like limiting the collection of personal data, ensuring that it is stored and transmitted securely, and giving individuals the ability to access, correct, or delete their data.

Personal Data: any information that relates to an identified or identifiable individual. This can include things like names, addresses, phone numbers, email addresses, IP addresses, and biometric data.

Data Controller: the entity that determines the purposes and means of the processing of personal data. This can be an individual, a company, or an organization.

Data Processor: the entity that processes personal data on behalf of the data controller. This can be a third-party service provider or an internal department.

Data Protection Impact Assessment (DPIA): a process of evaluating the potential impact of a data processing activity on the privacy and rights of individuals. A DPIA is typically conducted before the data processing activity begins and is used to identify and mitigate any potential privacy risks.

Consent: permission given by an individual for the collection, use, and processing of their personal data. Consent must be freely given, specific, informed, and unambiguous.