Data breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Data controller

An entity (a person, public authority, agency, etc.) that determines the purposes and means of the processing of personal data. For example, when a business uses Google Workspace for internal communication and collaboration, that business will be the data controller, and Google is the data processor.

Example: Appfarm would be the data controller if we outsourced payroll to a third party. In this case, the third party would be the data processor.

Data Processing Agreement (DPA)

A legal contract outlining the responsibilities and obligations of a data controller and a data processor when processing personal data. It establishes the terms and conditions governing the processing of personal data on behalf of the data controller by a third-party data processor.

Data processor

An entity that processes personal data on behalf of the controller. It’s the data controller who sets the rules, and the data processor plays by those rules.

Example: Appfarm is the data processor for our SaaS customers. In this case, the client is the data controller.

Data Protection Officer (DPO)

An individual designated by an organization to oversee and ensure the organization's compliance with data protection laws and regulations, particularly GDPR.

Data subject

An individual who is identifiable based on the personal data that is being processed.

Data sub-processor

A third-party entity engaged by a data processor to perform specific data processing activities on behalf of a data controller. A data sub-processor assists the primary data processor in carrying out certain tasks related to personal data.

Example: Appfarm is the data sub-processor for our customers who develop web solutions for their own clients. In this case, the customer is the data processor, and the customer’s client is the data controller.


General Data Protection Regulation (GDPR)

European Union regulation on information privacy in the European Union and the European Economic Area.

Personal data

Information relating to an identified or identifiable natural person (data subject). This encompasses all information that can be used to identify an individual. For example, first and last name, address, email address, location data, IP address, etc.


Processing

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. For example, collection, recording, structuring, storage, alteration, use, etc.

Sensitive data

A type of personal information that is more highly protected by laws due to its more vulnerable nature. For example, political affiliation, racial or ethnic origin, religious beliefs, biometric data such as fingerprints, sexual orientation, etc.
