Compliance & Frameworks
GDPR
Also known as: General Data Protection Regulation, Regulation (EU) 2016/679
Definition
The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.
Examples
- A U.S. e-commerce site offering goods to EU consumers must publish a GDPR-compliant privacy notice.
- A French employer must respond to an employee's right-of-access request within one month.
Related terms
Data Protection Impact Assessment
Data Protection Impact Assessment — definition coming soon.
CCPA
The California Consumer Privacy Act, a U.S. state privacy law granting California residents rights over their personal information held by businesses.
Compliance
The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.
HIPAA
The U.S. Health Insurance Portability and Accountability Act, which sets national standards for protecting individually identifiable health information.
ISO/IEC 27001
The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified.
Incident Response
The organised process of preparing for, detecting, analysing, containing, eradicating, and recovering from cyber security incidents, then capturing lessons learned.