Personal Data Authority (AP)
The Dutch data protection authority. The AP is the supervisor in the area of processing personal data.
An individual and natural person to whom personal data relates.
We define a data leak as 'a breach of personal data'. A data leak involves the destruction, loss, alteration or sharing of personal data without intention. It is not only about the leakage of data, but also about the use of data while this is not permitted.
Any information about an identified or identifiable natural person.
Privacy by default
Organisations are obliged to protect the privacy of their users by setting the settings and functions of the products or services in the most privacy-friendly manner (by default).
Privacy by design
Management of the entire life cycle of personal data, from collection to processing and deletion, with systematic attention to comprehensive safeguards for accuracy, confidentiality, integrity, physical security and deletion of personal data.
The risk of restriction of a person's rights and freedoms as a result of the processing of their personal data. Think of identity theft or fraud, exclusion, physical injury, psychological distress, humiliation, reputational damage and loss of control over personal data.
Data Protection Impact Assessment (DPIA)
A DPIA is an instrument that maps out and assesses the risks of planned processing in a structured and standardised manner. Based on this, an organisation can take measures to prevent or reduce these effects for those involved.
Special personal data
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data with a view to the unique identification of a person, or data concerning health, or data concerning a person's sexual behaviour or sexual orientation.
Any act or set of acts with regard to personal data, personal data including in any case the collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, blocking, erasure or destruction of data.