A series of electronic files or paper that show a chronological record or set of records, e.g. when a user first signed up to a service, at what time, from which IP address, what terms the user accepted and if e.g. later the user decides to opt-out, when did that event take place.
A cookie is a file that is placed on a person’s computer or other IT equipment. It makes it possible to recognize the person’s computer and gather information about which pages and features are visited with the user’s browser.
A definition used in the GDPR. The data processor processes personal data on behalf of a data controller. The data processor does not determine the purposes for the data processing. The processor only acts in accordance with an instruction from the data controller, i.e processes the data on behalf of the controller.
In the EU, a directive is a minimums law that must be incorporated into national law by every EU country individually. This is in contrast to a regulation that comes into effect as stated in the law.
Data Protection Officer. It's a definition used in the GDPR and a role companies in Europe is required to have if (a) the processing is carried out by a public authority; (b) the core activities of the controller or the processor relates to regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the controller or the processor consist of processing on a large scale of sensitive data.
Explicit consent is not defined in the GDPR. Explicit consent is a consent that must be a specific, informed and unambiguous expression of the person’s wishes and affirmed in a clear statement (whether oral or written).
Information Commissioner’s Office. It's the UK public authority who is responsible for upholding information rights, including the GDPR, PECR and the DPA. The ICO’s website is www.ico.org.uk.
It means a company gives people the ability to choose not to receive email marketing. E.g. companies offer people an opt-out e.g. via an unsubscribe link. Opt-out also means that unticking a consent box will result in the user not receiving email marketing.
It's a definition used in the GDPR. It's a right for people to get their personal data from e.g. a social media platform and upload it on another platform. I.e. the right for people to move, copy and/or transfer personal data easily from one IT environment to another.
It's a definition used in the GDPR. It's also known as the “right to erasure” or the “right to be deleted”. It gives people a right to be forgotten, i.e. have their personal data erased. Companies must respond within 1 month after receiving a request from a person. It's important to remember that the right isn't absolute and that data doesn’t have to be deleted in all circumstances.
It's a definition used in the GDPR. It's one of the most important rights in the GDPR; it gives people a right to be informed about the collection and use of their personal data. I.e. a data controller must tell people that they are processing data about the purposes for processing their personal data, the controller’s retention periods for that personal data, and who the data will be shared with.
One way of keeping track of consents and the evidence you need is through a consent management solution that tracks your cookie consents.
With Legal Monster you can collect and document consent for all cookies used on your site. We use geotargeting to ensure that you collect the right consent in each of your markets, depending on the jurisdiction of the user or customer. Our solution detects which cookies you use and collects compliant consents for those. With Legal Monster you get a full audit trail, so you can prove consents to a data authority if you need to.