Definitions relating to the GDPR

Personal data: Any information relating to an identified or identifiable natural person (‘data subject). Such information can be a name, an identification number, location data, an online identifier, email adress etc. Encrypted or coded data is also treated as personal data if a key exists.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration etc.

Sensitive personal data: Personal data which are particularly sensitive in relation to fundamental rights and freedoms. These are data revealing race or ethnicity, political opinions, religious or philosophical affiliation, membership of trade union, or data regarding a persons health, sexual life or sexual orientation. It is also processing of genetical or biometrical information.

Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data

Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data protection officer: A natural person ensuring that the obligations to the GDPR are fulfilled. Authorities are obliged to appoint a DPO. DPO at KI is Mats Gustavsson.

Third country: Country that is not a member of the EU or of the EES.