Term Definition
Confidentiality
Confidentiality in a general sense refers to the duty not to share information with persons who are not qualified to receive that information.
Consent
Any freely given specific and informed indication of wishes by means of an active step taken by the data subject which signifies their agreement to personal data relating to them being processed.
Contractual Clauses
Adopted either directly by the European Commission or by a supervisory authority in accordance with the consistency mechanism and then adopted by the Commission, contractual clauses are mechanisms by which organisations can commit to protect personal data to facilitate ongoing and systematic cross-border personal data transfers.
Controller
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Cookie
Short text files stored on the user
credential stuffing

Credential stuffing is the automated injection of stolen username and password pairs (“credentials”) into website login forms, in order to fraudulently gain access to user accounts.

credentials

A user's authentication information used to verify identity, typically one or more of: password, token, certificate.

Cross-border Data Transfers
The transmission of personal information from one jurisdiction to another. Many jurisdictions, most notably the European Union, place significant restrictions on such transfers. The EU requires that the receiving jurisdiction be judged to have
cyber attack

Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

cyber incident

A breach of the security rules for a system or service, most commonly:

  • Attempts to gain unauthorised access to a system and/or to data.
  • Unauthorised use of systems for the processing or storing of data.
  • Changes to a system's firmware, software or hardware without the system owner's consent.
  • Malicious disruption and/or denial of service.
Cyber Security

The protection of devices, services and networks — and the information on them — from theft or damage.

dark web

The part of the world wide web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.

Data Breach
means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
Data Controller
A person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Only controllers need to pay the data protection fee.
Data Minimisation Principle
The principle of
Data Portability
The right to have their personal data returned to them in an electronic format by the data controller. They may then pass this data on to another controller. This will enable individuals to move to alternative service providers more easily.
Data Processor
A person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Protection Authority
A term often used to refer to a supervisory authority, which is an independent public authority responsible for monitoring the application of the General Data Protection Regulation in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the European Union.
Data Protection by Default
The implementation of appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons. Such organisational measures could consist, inter alia, of minimising the processing of personal data, pseudonymising personal data as soon as possible, transparency with regard to the functions and processing of personal data, and enabling the data subject to monitor the data processing.
Data Protection by Design
data security and privacy compliance must be built into new organisational and technical systems during their development, not added in later. Only data that is determined as
