GDPR & Data Protection Glossary
Key terms explained by licensed EU attorneys. Bookmark this page for quick reference during compliance work.
Article 27 Representative
A natural or legal person established in the EU designated in writing by a controller or processor not established in the EU, to represent them with regard to their obligations under GDPR. The representative serves as the official point of contact for supervisory authorities and data subjects.
Learn more →Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Most companies collecting customer data are controllers.
Learn more →Processor
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Cloud service providers, payment processors, and analytics vendors are common examples.
Learn more →Data Subject
An identified or identifiable natural person whose personal data is being processed. In GDPR context, this refers to EU residents whose data rights are protected by the regulation.
Learn more →DPA (Data Protection Authority)
An independent public authority responsible for monitoring the application of data protection law. Each EU member state has at least one supervisory authority (e.g., BfDI in Germany, CNIL in France, ICO in the UK).
Learn more →Data Subject Request (DSR)
A request from an individual exercising their data protection rights under GDPR, including the right to access, rectification, erasure, restriction, portability, and objection. Representatives must be able to receive and route these requests.
Learn more →GDPR (General Data Protection Regulation)
Regulation (EU) 2016/679, the EU's comprehensive data protection law effective since May 25, 2018. It applies to any organization processing personal data of EU residents, regardless of where the organization is based.
Learn more →Personal Data
Any information relating to an identified or identifiable natural person. This includes names, email addresses, IP addresses, location data, online identifiers, and any data that can directly or indirectly identify a person.
Learn more →Processing
Any operation performed on personal data, including collection, recording, storage, retrieval, use, disclosure, dissemination, erasure, or destruction. Nearly any handling of data constitutes processing under GDPR.
Learn more →Special Category Data
Sensitive personal data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation. Subject to stricter protections under Article 9.
Learn more →Data Protection Officer (DPO)
A person designated to ensure GDPR compliance within an organization. Required for public authorities and organizations whose core activities involve systematic monitoring or large-scale processing of special categories of data. Different from an Article 27 representative.
Learn more →Supervisory Authority
See DPA (Data Protection Authority). The independent public body responsible for enforcing GDPR in a specific EU member state.
Learn more →Digital Services Act (DSA)
EU regulation establishing obligations for digital service providers, including transparency, content moderation, and — under Article 13 — the requirement for non-EU providers to appoint an EU legal representative.
Learn more →EU AI Act
EU regulation on artificial intelligence. Under Article 54, non-EU providers placing AI systems on the EU market must designate an authorised representative in the EU. Phasing in from 2025-2027.
Learn more →Swiss FADP (Federal Act on Data Protection)
Switzerland's revised data protection law effective September 1, 2023. Article 14 requires non-Swiss controllers to designate a representative in Switzerland when certain conditions are met.
Learn more →Rechtsanwalt / Rechtsanwältin
A licensed German attorney (lawyer) admitted to the bar. In the context of EU representation, having licensed Rechtsanwälte means your representative can substantively engage with legal matters, not just forward mail.
Learn more →Ready to Close Your Article 27 Risk Gap?
Join 500+ US companies that rely on rep4eu for GDPR Article 27 representation. Plans from €29/month. Get covered in under 48 hours.
No credit card required. Results in 2 minutes.