Practice GDPR vocabulary: data subject, data controller vs. processor, lawful basis for processing, DSAR, right to erasure, and Data Protection Authority concepts.
1 / 5
Under GDPR, what is a 'data subject'?
A data subject is the individual whose personal data is being collected or processed. For example, a customer whose name and email are stored in your system is a data subject under GDPR.
2 / 5
What is the difference between a 'data controller' and a 'data processor' under GDPR?
The data controller decides why and how personal data is processed. The data processor handles data only on the controller's instructions — for example, a cloud provider processing data for your company is a processor.
3 / 5
A user submits a 'DSAR.' What are they requesting?
A Data Subject Access Request (DSAR) is a formal request by an individual exercising their GDPR right to access the personal data an organization holds about them, including how and why it is processed.
4 / 5
What is 'legitimate interest' as a lawful basis for GDPR data processing?
Legitimate interest is one of six lawful bases under GDPR. It allows processing when the controller has a genuine, proportionate reason that is not overridden by the individual's privacy rights — requiring a balancing test.
5 / 5
A customer invokes their 'right to erasure.' What must the organization do?
The right to erasure (also called 'right to be forgotten') requires organizations to delete personal data when, for example, the data is no longer necessary for its original purpose or the person withdraws consent — subject to certain legal exceptions.