top of page

GDPR glossary

The GDPR is a text that can seem complex when you are not initiated in legal language. We have therefore undertaken a series of blog articles designed to explain the GDPR and its principles to you so that you too can make the text your own.


You will find here all the definitions of the various specific terms that are used in these somewhat technical articles. This page will be enriched as and when we publish articles on the various chapters of the GDPR.

To access the blog and the articles in question, please click on the button below.

Personal data

Any information relating to a natural person who can be identified, directly or indirectly.

The people concerned

Persons whose personal data are affected by a data processing operation. 

Data processing

Any operation or set of operations which may or may not be performed upon personal data or sets of personal data by automated means. The collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data are data processing operations. CNIL definition.


Any form of automated processing of personal data which consists in using such data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict elements concerning the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person. CNIL definition.

Material scope

Defines precisely which data are protected by the GDPR and which data processing operations are governed by the GDPR.

Territorial scope

Defines precisely the territory (and the population attached to it) concerned by the GDPR.

Data controller / processor

An organisation may be responsible for all the data processing carried out in the course of its business, but it may also delegate some or all of it. When an organisation delegates some data processing to a processor, it still remains a controller.

bottom of page