The controller shall carry out an assessment of the impact of the envisaged processing operations on the protection of personal data when a type of processing is likely to result in a high risk to the rights and freedoms of natural persons. This assessment has to be done prior to the processing and, in particular if using new technologies, has to take into account the nature, scope, context and purposes of the processing.

Under the GDPR, some organisations need to appoint a data protection officer who is responsible for informing them of and advising them about their data protection obligations and monitoring their compliance with them.

Data protection policies outline the basic contours of the measures an organization takes in the processing and handling of personal data. Key matters the policy should address include: Scope, which explains both to whom the internal policy applies and the type of processing activities it covers; Policy statement; Employee responsibilities; Management responsibilities; Reporting incidents; Policy compliance.

Article 5 of the General Data Protection Regulation lists the principles as such: Lawfulness, fairness and transparency; Purpose limitation; Data minimisation; Accuracy; Storage limitation; Integrity and confidentiality.

Any person to whom personal data are disclosed, including any person to whom they are disclosed in the course of processing the data for a Data Controller (for example, an employee of the data controller, a data processor or an employee of the data processor).

The identified or identifiable living individual to whom personal data relates.

A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled

The communication of advertising or marketing material directed to particular individuals.

Is a means of preventing anyone other than those who have a key from accessing data, be it in an email, on a PC or on a storage device.

Encryption is a way to conceal information by altering it so that it appears to be random data. Encryption is essential for security on the Internet.

Any device (which includes a laptop, phone, tablet or server) connected to a secure organisation/business network.

Article 17(1) of the GDPR establishes that data subjects have the right to erasure of their personal data if: the data is no longer needed for its original purpose and no new lawful purpose exists; the lawful basis for the processing is the data subject

Fairness means data subjects must be aware of the fact that their personal data will be processed, including how the data will be collected, kept and used, to allow them to make an informed decision about whether they agree with such processing and to enable them to exercise their data protection rights. Consent notices should not contain unfair terms and supervisory authority powers should similarly be exercised fairly.

Federal Bureau of Investigation

A firewall is a network security device that prevents unauthorised access to a network. It inspects incoming and outgoing traffic using a set of security rules to identify and block threats.

The General Data Protection Regulation requires that consent be a freely given, specific, informed and unambiguous indication of the data subject

The General Data Protection Regulation (GDPR) replaced the Data Protection Directive in 2018. The aim of the GDPR is to provide one set of data protection rules for all EU member states and the European Economic Area (EEA). The document comprises 173 recitals and 99 articles.

means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question

Someone with some computer skills who uses them to break into computers, systems and networks.

Information Commissioner's Office, the UK data protection regulator.

https://ico.org.uk/