Compliance dictionary

Learn main compliance and Legal Tech terms

Cookie compliance

Terms related to cookie consent, cookie Pop-up, Cookie Policy

Audit trail: A series of electronic files or paper that show a chronological record or set of records
Auto blocking: The term auto-blocking refers to the action of blocking cookies automatically.
Cookie: A cookie is a file that is placed on a person’s computer or other IT equipment.
Cookie banner: A cookie banner is a widget on a website that informs users of how cookies are used and asks the visitors if they can accept usage of cookies.
Cookie checker: A cookie checker is a tool used to scan websites and identify cookies in use.
Cookie policy: A document where a company gives their users information about cookies.
Tracking cookies: Tracking cookies are small text files created to track user’s movements and interactions on a web browser.
Website tracking: Website tracking refers to the monitoring of users’ actions on a website.
Wordpress cookie plugin: WordPress cookie plugin is software integration that can be added to your WordPress webpage and manage your cookie settings.

Terms related to website compliance, Privacy policy, Terms of service, Email marketing

Privacy policy: A privacy policy is a document that discloses all of the ways a party gathers, uses, discloses, and manages a customer or client's data.
Privacy banner: A widget on a website that informs users of their privacy choices.
Email marketing consent: Permission from a subscriber to send marketing email campaigns.
Email marketing consent form: Form that gathers email marketing consent.

GDPR related terms

CCPA: The California Consumer Privacy Act. It describes privacy rights and consumer protection for Californian residents.
Directive: In the EU, a directive is a minimums law that must be incorporated into national law by every EU country individually.
EU privacy laws: EU Privacy Laws are a set of legally binding rules set by the European Union.
Explicit consent: Explicit consent is a consent that must be a specific, informed and unambiguous expression of the person’s wishes and affirmed in a clear statement.
Opt-in: It means that a person needs to opt in, i.e. actively say yes to receive email marketing, e.g. by ticking off the consent box.
Opt-out: It means a company gives people the ability to choose not to receive email marketing.
Regulation: In the EU, a regulation is a law that becomes legally binding throughout the date that it comes into effect.
Right to Data Portability: It's a right for people to get their personal data from e.g. a social media platform and upload it on another platform.
Right to be forgotten: It gives people a right to be forgotten, i.e. have their personal data erased.
Right to information: It gives people a right to be informed about the collection and use of their personal data.
Personal data: Personal data is defined as all information that can be used to identify a person. This is an important aspect when dealing with data and complying with GDPR.

Terms related to our Vendor Management Hub

Privacy Hub: Privacy Hub is an all-in-one platform where companies can find information about vendors and their vendors’ GDPR efforts.
Data processing agreement: A data processing agreement, or a so-called DPA, is a legal contract between a company and its vendors in regard to processing and transferring of personal data.
Article 30: Records of processing activities in accordance with the GDPR.
Article 28: Article 28 of the GDPR focuses on a written contract between two parties in cases when a data controller uses a data processor to process personal data on their behalf.
Schrems II: Schrems II refers to a European Court of Justice case verdict. The case concerns a lawsuit brought to the Court by the Irish Data Protection Authority. The case is based on a complaint from the Austrian citizen, Maximillian Schrems.
Vendor Management Systems (VMSs): Vendor Management Systems (VMSs) is software designed to make operations and management of vendors easier and more efficient.
Data Transfers: A data transfer occurs when personal data leaves the EU or is being made available outside the EU.

Terms related to GDPR roles, processors, controllers, DPO etc.

GDPR Roles: GDPR roles include data processor, data subprocessor, data controller, DPO, supervisory authority, GDPR representative and joint controllers.
Data controller: The company that stores, collects and/or processes data about people and who determines the purposes of the data processing.
Joint controllers: In cases where the vendor processes personal data for their own purposes, the vendor is also considered to be a joint controller.
Data processor: The data processor processes personal data on behalf of a data controller.
Data subprocessor: A data subprocessor is an entity handling data on behalf of another company, where this other company itself is a data processor.
Vendor: A vendor, also known as a processor or subprocessor, is a business entity that offers a service.
Data subject: A data subject is a person who can be identified, either directly e.g. name, email, address, or indirectly e.g. by reference to an identifier, ID number, etc.
DPO: Data Protection Officer is a designated employee, who is in charge of collecting and processing information about data subjects according to privacy laws and regulations.
GDPR representative: Companies that do not have offices in the EU/EEA still have to comply with GDPR. In this case, they need to appoint a GDPR representative.
Supervisory authority: A supervisory authority is a public authority in charge of supervising the application of GDPR. Each EU Member State has a supervisory authority.