A cookie policy is a document where a company gives their users and visitors information about what cookies they use, what they are used for, also known as purposes, what information is collected, and when each cookie expires. The document is where in the world this data is sent. Many website owners choose to incorporate the cookie policy as a section of their privacy policy.
A definition used in the GDPR. The data processor processes personal data on behalf of a data controller. The data processor does not determine the purposes for the data processing. The processor only acts in accordance with an instruction from the data controller, i.e processes the data on behalf of the controller.
In the EU, a directive is a minimums law that must be incorporated into national law by every EU country individually. This is in contrast to a regulation that comes into effect as stated in the law.
Data Protection Officer. It's a definition used in the GDPR and a role companies in Europe is required to have if (a) the processing is carried out by a public authority; (b) the core activities of the controller or the processor relates to regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the controller or the processor consist of processing on a large scale of sensitive data.
Information Commissioner’s Office. It's the UK public authority who is responsible for upholding information rights, including the GDPR, PECR and the DPA. The ICO’s website is www.ico.org.uk.
It's a definition used in the GDPR. It's a right for people to get their personal data from e.g. a social media platform and upload it on another platform. I.e. the right for people to move, copy and/or transfer personal data easily from one IT environment to another.
It's a definition used in the GDPR. It's also known as the “right to erasure” or the “right to be deleted”. It gives people a right to be forgotten, i.e. have their personal data erased. Companies must respond within 1 month after receiving a request from a person. It's important to remember that the right isn't absolute and that data doesn’t have to be deleted in all circumstances.
It's a definition used in the GDPR. It's one of the most important rights in the GDPR; it gives people a right to be informed about the collection and use of their personal data. I.e. a data controller must tell people that they are processing data about the purposes for processing their personal data, the controller’s retention periods for that personal data, and who the data will be shared with.
One way of keeping track of consents and the evidence you need is through a consent management solution that tracks your cookie consents.
With Legal Monster you can collect and document consent for all cookies used on your site. We use geotargeting to ensure that you collect the right consent in each of your markets, depending on the jurisdiction of the user or customer. Our solution detects which cookies you use and collects compliant consents for those. With Legal Monster you get a full audit trail, so you can prove consents to a data authority if you need to.