Glossary

Anonymisation

A process by which personal data is irreversibly altered in such a way that a data subject can no longer be identified directly or indirectly, either by the data controller alone or in collaboration with any other party (ISO/TS 25237:2017).

Data collection (or collection)

The GDPR uses the term "collect" to refer to the practice of getting personal data directly from a data subject.

Data controller (or controller)

The natural or legal person, public authority, agency or other
body which, alone or jointly with others, determines the purposes and means of the processing of personal data (GDPR, art. 4(7)).

DO

DONT

Data minimization

This principle constrains the amount and type of data that is collected from or about a data subject to only data that is explicitly and specifically required.

Data processing

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data processor (or processor)

The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (GDPR, art. 4(8)).

Digital Financial Service Provider (DFSP)

Providers of Digital financial services including methods to electronically store and transfer funds; to make and receive payments; to borrow, save, insure and invest; and to manage a person's or enterprise's finances.

Personal data

Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location
data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (GDPR, art. 4(1)).

• Name and surname

• Home address

• Email address

• Identification card number

• Location data

• IP addresses

Profiling

any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonym

(or cryptonym or nym)

A piece of information associated to an identifier of an individual or any other kind of personal data (e.g. location data). Pseudonyms
may have different degrees of linkability (to the original identifiers). The degree of linkability of different pseudonym types is important to consider for evaluating the strength of pseudonyms
but also for the design of pseudonymous systems where a certain degree of linkability may be desired (e.g. when analysing pseudonymous log files or for reputation systems).

Pseudonymisation

The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and
organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person (GDPR, art. 4(5)).