Glossary

E

A B C D E F G H I L M N O P R S U V W

Encrypted Data

  • Description: Data that has been transformed using cryptographic algorithms to render it unreadable to unauthorized users, requiring a decryption key for access.
  • Origin/Enacted and Enforced: Encryption standards are defined by organizations such as NIST and ISO, and are required by regulations like GDPR, HIPAA, and PCI DSS.
  • Impacts Data Types: Personal data, financial data, health records, intellectual property, and any sensitive or regulated information.
  • Examples: Encrypting customer credit card numbers before storing them in a database; using TLS to encrypt data in transit.
  • Potential Fines: Failure to encrypt regulated data can result in significant regulatory penalties (e.g., up to €20 million under GDPR, or sector-specific fines).

European Data Protection Board (EDPB)

  • Description: An independent European body that ensures consistent application of the General Data Protection Regulation (GDPR) and promotes cooperation among the EU’s data protection authorities.
  • Origin/Enacted and Enforced: Established by the GDPR, effective since May 25, 2018; replaces the Article 29 Working Party.
  • Impacts Data Types: All personal data processed under the jurisdiction of the GDPR within the EU/EEA.
  • Examples: Issuing guidelines on cross-border data transfers; resolving disputes between national data protection authorities.
  • Potential Fines: The EDPB itself does not issue fines, but its guidance influences enforcement actions and penalties by national authorities (up to €20 million or 4% of global turnover under GDPR).

European Data Protection Supervisor (EDPS)

  • Description: The independent supervisory authority responsible for ensuring that EU institutions and bodies comply with data protection law and respect individuals’ privacy rights.
  • Origin/Enacted and Enforced: Established by Regulation (EC) No 45/2001 and reinforced by Regulation (EU) 2018/1725; active since 2004.
  • Impacts Data Types: Personal data processed by EU institutions, agencies, and bodies.
  • Examples: Monitoring the European Commission’s data processing activities; investigating complaints from EU citizens regarding misuse of their data by EU bodies.
  • Potential Fines: The EDPS may impose corrective measures, including reprimands and orders to comply; fines are less common but possible for breaches by EU institutions.

Exact Data Match Classification

  • Description: A data classification technique that uses a reference dataset to detect and classify data by matching exact values, reducing false positives in sensitive data discovery.
  • Origin/Enacted and Enforced: Developed as a feature in modern data loss prevention (DLP) and data security solutions; not mandated by law but aligned with best practices and compliance requirements.
  • Impacts Data Types: Structured personal data, account numbers, Social Security numbers, customer IDs, or any data where exact value matching is required.
  • Examples: Identifying files that contain customer Social Security numbers from a protected reference list; classifying documents with exact credit card numbers.
  • Potential Fines: Not directly fined, but failure to accurately classify and protect sensitive data can lead to regulatory penalties for breaches.

Exfiltration

  • Description: The unauthorized transfer or theft of data from an organization’s systems, often as a result of a cyberattack or insider threat.
  • Origin/Enacted and Enforced: Recognized as a critical risk in cybersecurity frameworks (NIST, ISO 27001); addressed by regulations such as GDPR, HIPAA, and state breach notification laws.
  • Impacts Data Types: Any sensitive, regulated, or proprietary data, including PII, PHI, trade secrets, and intellectual property.
  • Examples: Hackers stealing customer databases; employees emailing confidential files to personal accounts.
  • Potential Fines: Regulatory penalties for breaches involving exfiltration can be severe (e.g., up to €20 million under GDPR, millions under HIPAA or CCPA).