E-training for personal data management and privacy

For the purposes of GDPR, the term:

1. "personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. "controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its designation may be provided for under European Union or Member State law;
3. "processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
4. "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
5. "restriction of processing" means the marking of stored personal data with the aim of limiting their future processing;
6. "profiling" means any type of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location;
7. "pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person;
8. "file system" means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained on a centralized, decentralized or functional or geographical basis;
9. "Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under European Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;
10. "third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor;
11. "Consent" of the data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her;
12. "personal data breach" means a breach of security leading, whether accidentally or unlawfully, to the destruction, loss, alteration of, or unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
13. "genetic data" means personal data relating to the inherited or acquired genetic characteristics of a natural person which provide unique information about the physiology or health of that natural person and which have been obtained, in particular, from the analysis of a biological sample from that natural person;
14. "biometric data" means personal data on the physical, physiological or behavioral characteristics of a natural person, obtained by means of specific technical procedures, which enable or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
15. "health data" means personal data relating to the physical or mental health of a natural person, including the provision of health care services, revealing information about that person's state of health;