Compliance Glossary

Answer-first definitions for core privacy, security, AI governance, and regulatory operations terms. Each entry links back to deeper blog coverage where available.

C

CASP

A CASP is a Crypto-Asset Service Provider that performs regulated crypto activities under MiCA.

Conformity Assessment

A conformity assessment is the formal evaluation used to verify that a regulated system meets the required legal and technical obligations.

D

Data Controller

The person or organization that decides why personal data is processed and how that processing happens.

Data Minimization

Data minimization means collecting and keeping only the personal data that is necessary for a defined purpose.

Data Processor

A service provider that handles personal data for a controller and follows the controller's documented instructions.

DPIA

A Data Protection Impact Assessment is a structured review used to evaluate high-risk personal-data processing before launch.

DPO

A Data Protection Officer is the person responsible for advising on and monitoring data-protection compliance where that role is required or designated.

H

High-Risk AI System

An AI system that falls into a regulated use case under the EU AI Act and therefore carries stricter governance, documentation, and monitoring obligations.

L

Lawful Basis

A lawful basis is the legal ground that permits personal-data processing under GDPR.

R

Retention Schedule

A retention schedule is the rule set that defines how long each category of data is kept and when it must be deleted or archived.

ROPA

A Record of Processing Activities is the operating inventory that documents what personal data is processed, why, where, and by whom.

S

SCCs

Standard Contractual Clauses are approved contractual terms used to support certain international personal-data transfers.

Subprocessor

A subprocessor is a downstream service provider engaged by a processor to handle personal data on the controller's behalf.

Keep exploring with the Blog, Vendor Risk, GDPR, Glossary, AI Act, Data Act, International Data Transfers, MiCA, ePrivacy/Cookies, European Accessibility Act, DSA.