Supervisory authority
Definition
The national data protection regulator responsible for enforcing GDPR in a given EU member state, such as the UK Information Commissioner's Office (post-Brexit), the Irish Data Protection Commission, or the French CNIL. Controllers must notify the relevant supervisory authority within 72 hours of becoming aware of a notifiable breach.
Related terms
- Controller
- The natural or legal person, authority, agency, or other body that determines the purposes and means of processing personal data. The controller...
- Covered Entity / Business Associate
- Terms used in the US HIPAA framework. Covered entities are healthcare providers, health plans, and healthcare clearinghouses. Business Associates are contractors that...
- Data fiduciary
- The term used in India's Digital Personal Data Protection Act 2023 for an entity that determines the purpose and means of processing...
- Data Protection Impact Assessment (DPIA)
- A structured risk assessment required under Article 35 before any processing that is likely to result in high risk to individuals' rights...
- Lawful basis
- One of the six conditions listed in Article 6 that must be satisfied before personal data may be processed. The controller must...
- Notification trigger
- The threshold condition that activates a legal notification obligation. Under GDPR the trigger is any personal data breach that poses a risk...
- Personal data breach
- Under GDPR, a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal...
- Processor
- A natural or legal person that processes personal data on behalf of the controller. Processors are directly bound by certain GDPR obligations...
- Record of Processing Activities (ROPA)
- The inventory of processing operations required under Article 30. It documents the purposes, data categories, recipients, retention periods, and security measures for...
- Safe harbour (encryption)
- A provision in many breach notification frameworks that exempts organisations from individual notification obligations if the breached data was encrypted and the...
Explained in these topics
- Breach Notification Laws and Obligations: The national data protection regulator responsible for enforcing GDPR in a given EU member state, such as the UK Information Commissioner's Office (post-Brexit...
- GDPR: Core Principles and Audit Obligations: The independent national authority responsible for monitoring the application of the GDPR in its member state. Examples include the UK Information Commissioner...