GDPR Terminology

Data Subject

The GDPR focuses on protecting the personal data of “data subjects”, that is living people inside the EU. Whether you’re in the EU as a citizen, just travelling through, an immigrant, a resident or on a work visa, if you’re in an EU member state then you are a data subject in the eyes of the GDPR and your personal data must be protected.


[Pronouned Soo-don-imm-Isation]

This is the process of replacing certain pieces of data, e.g. within a set of customer data, with an artificial identifier to help mask the real identity of the data subject. Whilst this technique would help reduce the impact on a subject if the data were to be stolen, it is not full anonymisation, and therefore pseudonymised data is still recognised as personal data in the GDPR.

Working Party 29 (WP29)

The Article 29 Working Party is composed of representatives of the national data protection authorities (DPA), the EDPS and the European Commission. Its main tasks are to provide expert advice from the national level to the European Commission on data protection matters.The WP29 is the group of people that translates the GDPR into some recommended practices for country DPAs, controllers and processors. More information on the WP29 here.

Carl Gottlieb

Carl Gottlieb is the privacy lead and Data Protection Officer for a select group of leading tech companies. Carl’s consultancy company Cognition provides a range of privacy and security services including virtual DPO and virtual CISO.