Following up on our previous blog post about the new data protection law, today we’re explaining some key definitions. We’re aware that legal requirements aren’t always easy to understand, so we’re here to help you out!
- Data controller – someone who processes personal data on their own behalf and decides the purpose and method of data processing. A data controller may be a natural person conducting business activity, a company or any other entity. Generally speaking, as long as the data processing is not related to business activity the data controller will not be obliged to comply with GDPR. ClickMeeting acts as a data controller of personal data provided by their customers. As a ClickMeeting customer, you act as a data controller of the personal data provided by your webinar participants.
- Personal data – any information that can be used directly or indirectly to identify a natural person. Example: names, surnames, email addresses, telephone numbers of webinar participants, presenters and customers.
- Sensitive personal data – includes information revealing racial or ethnic origin, political views, religious or ideological beliefs, trade union membership, genetic and biometric data, health data, sexual orientation and sexuality. As a rule, the processing of sensitive personal data is not allowed unless there is a clear legal basis and/or explicit consent of the data subject.
- Right to object – any person can submit a request to the data controller to stop processing and delete his or her personal data. The data controller should immediately execute such a request unless he or she has legal grounds for further data processing. Example: when a ClickMeeting customer or webinar participant unsubscribes from marketing communications, the person is removed from the marketing mailing list automatically.
- Processor (ClickMeeting) – a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. The processor does not own the database or decide the purpose and scope of data processing. Data processing takes place only at the express request of the data controller, which means the processor is dependent on the data controller in the context of data processing. The processor is an external entity the data controller entrusts with processing personal data. Example: ClickMeeting is a data processor of personal data of webinar participants. To use ClickMeeting, customers entrust ClickMeeting with processing the data.
- Profiling – any form of automated data processing that uses personal data to evaluate specific aspects of someone’s personality, behavior or preferences. Automated profiling allows data to be processed in such a way that it is possible to make a profile of such a person based on various criteria, such as their interests, economic status, location, etc.
- Processing (processing of personal data) – collecting, recording or storing data or carrying out any operations on data. Examples: copying, rewriting, saving, transferring, matching, analyzing, transferring, or deleting.
- Pseudonymisation – processing personal data so the personal data can no longer be attributed to a specific data subject without additional information. Example: using a character string instead of the full name.
- Consent to personal data processing – the data subject’s consent for their personal data to be processed. Consent must be a clear affirmative act, freely given, specific, informed, and unambiguous. Consent of the data subject is a basis for lawful processing of personal data. Consent is given by a specific person to a specific data controller. When obtaining consent, the data controller should provide, among others, the company’s full contact information, registry details and processing activities.
Hopefully, you found this glossary useful!