BCRs (Binding Corporate Rules) - Internal rules adopted by multinational companies to allow the transfer of personal data within their group across borders, ensuring compliance with data protection standards.
BYOD (Bring Your Own Device) - A policy allowing employees to use their personal devices for work purposes, which necessitates measures to protect organizational data accessed or stored on these devices.
CCPA (California Consumer Privacy Act) - A state statute intended to enhance privacy rights and consumer protection for residents of California, USA.
CIO (Chief Information Officer) - An executive responsible for managing and implementing information and computer technologies within an organization.
CISO (Chief Information Security Officer) - An executive responsible for overseeing and ensuring the security of information and data within an organization.
COPPA (Children's Online Privacy Protection Act) - A US federal law designed to protect the privacy of children under 13 by regulating online data collection practices.
CPRA (California Privacy Rights Act) - An amendment to the CCPA that enhances privacy rights and consumer protection for California residents.
DPA (Data Protection Act) - Legislation enacted in various jurisdictions, such as the UK's Data Protection Act 2018, that outlines the framework for data protection and privacy.
DPIA (Data Protection Impact Assessment) - A process to help organizations identify and minimize data protection risks in projects that involve processing personal data.
DPM (Data Protection Manager) - An individual appointed within an organization to oversee data protection compliance. While not mandatory under the UK GDPR, appointing a DPM is considered good practice for managing data protection responsibilities.
DPO (Data Protection Officer) - A designated individual within an organization responsible for overseeing data protection strategy and compliance with GDPR or other data protection laws.
DSA (Data Sharing Agreement) - A formal agreement between organizations outlining the terms and conditions for sharing personal data, ensuring compliance with data protection laws.
DSAR (Data Subject Access Request) - A request made by an individual to access personal data that an organization holds about them, as stipulated under data protection laws.
DSPT (Data Security and Protection Toolkit) - A self-assessment tool used by UK organizations, particularly within the National Health Service (NHS), to measure their performance against data security and protection standards.
EDPB (European Data Protection Board) - An independent European body that ensures consistent application of data protection rules across the EU and promotes cooperation among data protection authorities.
FOIA (Freedom of Information Act) - Legislation that grants public access to information held by public authorities, promoting transparency and accountability.
GDPR (General Data Protection Regulation) - A comprehensive EU regulation that governs data protection and privacy, setting guidelines for the collection and processing of personal data.
GLBA (Gramm-Leach-Bliley Act) - A US federal law requiring financial institutions to explain their information-sharing practices and safeguard sensitive data.
HIPAA (Health Insurance Portability and Accountability Act) - A US law designed to provide privacy standards to protect patients' medical records and other health information.
ICO (Information Commissioner's Office) - The UK's independent authority established to uphold information rights and data privacy for individuals.
IDTA (International Data Transfer Agreement) - A UK-specific agreement that provides a mechanism for lawful international data transfers, ensuring adequate protection of personal data.
LGPD (Lei Geral de Proteção de Dados) - Brazil's data protection law, establishing rules for the processing of personal data and protecting individuals' privacy rights.
MNPI (Material Nonpublic Information) - Information that has not been made public and could influence an investor's decision to buy or sell securities.
NPI (Nonpublic Personal Information) - Personally identifiable financial information that a consumer provides to a financial institution, that results from a transaction with the consumer, or that the institution otherwise obtains.
PbD (Privacy by Design) - An approach where privacy and data protection are embedded throughout the entire lifecycle of technologies and systems, from inception to deployment and disposal.
PECR (Privacy and Electronic Communications Regulations) - Regulations that complement the Data Protection Act and GDPR, focusing on privacy rights in electronic communications.
PIPL (Personal Information Protection Law) - China's comprehensive data protection law that regulates the processing of personal information within its jurisdiction.
PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada's federal privacy law for private-sector organizations, governing the collection, use, and disclosure of personal information.
POPIA (Protection of Personal Information Act) - South Africa's data protection law that aims to promote the protection of personal information processed by public and private bodies.
ROPA (Record of Processing Activities) - A mandatory record that organizations must maintain under GDPR, detailing all personal data processing activities to demonstrate compliance.
SCCs (Standard Contractual Clauses) - Legal tools provided by the European Commission to ensure appropriate data protection safeguards for personal data transferred outside the EU.
UK GDPR (United Kingdom General Data Protection Regulation) - The UK's data protection framework that mirrors the EU GDPR, tailored to fit the UK's legal system post-Brexit.