Glossary for Identity Management, Data Security, Data Privacy & GDPR-compliance
The terminology of identity and access management, together with the legal compliance requirements that apply in the European Union, is easy to lose track of. The explanations of technical and legal terms below help you become familiar with the subject.
A

Adequacy Decision
An adequacy decision is a decision by the European Commission confirming that a third country offers a level of data protection essentially equivalent to that of the EU, so that personal data may be transferred there without further safeguards.
Administrative Fines
Infringement of applicable data protection rules does not only result in liability towards any person who has suffered damage; the supervisory authorities may also impose penalties and administrative fines.
Advanced Encryption Standard AES256
The Advanced Encryption Standard (AES) is a symmetric block cipher; AES-256 is the variant with a 256-bit key. It encrypts data so that anyone without the key cannot read it. It should be used in an authenticated mode such as GCM, so that tampering with the ciphertext is detected as well.
Argon2
Engity stores passwords (and other secrets) using this hashing algorithm, the winner of the Password Hashing Competition and currently one of the most secure known algorithms for that purpose: it is deliberately slow and memory-hard, which makes offline guessing against leaked hashes expensive.
Authentication
Authentication is the process of verifying the identity of a user, system, or entity seeking access to a digital platform, network, or sensitive information.

B
-
Brute Force Attack
An attempt to gain unauthorized access to a system – or data – by simply trying out all possible combinations of access credentials. -
Business Processes
Businesses rely on their processes to deliver services or products to their customers and, in fact, to do anything at all.
-
-
C
-
Cookie-Consent
The Cookie Consent informs users of a website or service about how cookies are used on the site and asks for informed consent. -
Cybersecurity
Cybersecurity is the protection of computers, servers and other online systems against targeted attacks.
-
-
D
-
Dark Patterns
Dark patterns are user interface (UI) practices that nudge users to do what's best for the provider, not necessarily the user themselves. -
Data Processing Agreement (DPA)
Most organizations, be it businesses, associations, corporations, or institutions, cannot handle all their processing of personal data fully in-house. -
Data Protection
Data Protection is the idea of preventing the misuse of personal data. -
Data Protection Audit
The idea of a Data Protection Audit is to make sure that an organization is in compliance with the applicable privacy regulation and the data protection policies and procedures work as planned. -
Data Protection Officer (DPO)
The job of a Data Protection Officer (short: DPO) is to make sure that a business or organization processes personal data only according to the applicable data protection rules and regulations. -
Data Transfer
A Data Transfer is a transfer of personal data from one person or organization to another. -
Digital Services Act (DSA)
-
-
E
-
Elliptic Curves Digital Signature
When Engity signs issued tokens (for JWT, HTTPS, …), we use either the Elliptic Curve Digital Signature Algorithm (ECDSA, with SHA-512) or Edwards-curve Digital Signature Algorithm (EdDSA with Ed25519; depending on support by devices). -
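
As an added example (not Engity's code, whose implementation this page does not show), the following Go program signs and verifies a JWT with Ed25519, the EdDSA branch named above, using only the standard library. The claims, the fixed all-0x42 seed and the issuer name "idp.example" are constructed so that the output is reproducible; the part worth studying is the verifier, which pins the algorithm instead of trusting the token's own header and checks the signature before it reads a single claim.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// b64 is the unpadded base64url encoding that JWS/JWT uses (RFC 7515).
var b64 = base64.RawURLEncoding

// SignJWT encodes header and claims and signs "header.payload" with Ed25519,
// the "EdDSA" JWS algorithm. Ed25519 signatures are deterministic: unlike
// ECDSA they need no per-signature random nonce that could leak the key.
func SignJWT(priv ed25519.PrivateKey, claims map[string]any) (string, error) {
	header, err := json.Marshal(map[string]string{"alg": "EdDSA", "typ": "JWT"})
	if err != nil {
		return "", err
	}
	payload, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	sig := ed25519.Sign(priv, []byte(signingInput))
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyJWT checks the structure, pins the algorithm to EdDSA (a verifier must
// never let the token choose the algorithm, or "alg":"none" and key-confusion
// attacks become possible) and verifies the signature before parsing claims.
func VerifyJWT(pub ed25519.PublicKey, token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	rawHeader, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(rawHeader, &hdr); err != nil || hdr.Alg != "EdDSA" {
		return nil, errors.New("unexpected or missing alg")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, errors.New("signature verification failed")
	}
	rawPayload, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var claims map[string]any
	if err := json.Unmarshal(rawPayload, &claims); err != nil {
		return nil, err
	}
	return claims, nil
}

// DemoKey derives a fixed key pair from a constructed all-0x42 seed so the
// example is reproducible. A real issuer draws the seed from crypto/rand and
// keeps the private key in an HSM or secrets store.
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKey()
	tok, err := SignJWT(priv, map[string]any{"sub": "alice", "iss": "idp.example"})
	if err != nil {
		panic(err)
	}
	fmt.Println(tok)
	claims, err := VerifyJWT(pub, tok)
	fmt.Println(claims, err)
}
```

Expiry ("exp"), issuer and audience checks are left to the caller here; a relying party must apply them after the signature check, not instead of it.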
European Court of Justice (ECJ)
The European Court of Justice (ECJ), strictly speaking part of the "Court of Justice of the European Union", is the supreme court of the European Union. Its task is to interpret EU law and to ensure its uniform application across the Union and its member states.
European Data Protection Supervisor (EDPS)
The European Data Protection Supervisor (EDPS) is the independent supervisory authority that monitors the processing of personal data by the EU's own institutions and bodies. Processing by other organizations is supervised by the national supervisory authorities of the member states, whose work is coordinated through the European Data Protection Board.

G
-
General Data Protection Regulation (GDPR)
The General Data Protection Regulation, short GDPR, is the EU's data privacy and security law.
-
-
I
-
Identity
In Identity and Access Management (IAM), an identity is a representation of a user with certain access right to resources. -
Identity & Access Management (IAM)
With an identity and access management system, users can be administrated and their access controlled. -
Identity Provider (IdP)
An Identity Provider (IdP) provides authentication and authorization services for users.
-
-
L
-
Liability
The GDPR aims to be not just a set of rules on paper. -
Location
The location of computers, servers, and data centers is a central topic when thinking about the compliance of personal data processing. -
Lock-out Functionality
A lock-out function is a security mechanism in IAM or access management that denies access to a system or user account after a certain number of failed login attempts.
-
-
M
-
Managed Services
Keeping pace with IT technology and saving costs and resources with managed services. -
Multi-factor Authentication (MFA)
Multi-factor authentication (MFA) combines various factors when verifying the identity of a user asking for access to a system or resource.
-
-
O
-
One-Time Password (OTP)
A password that can only be used once is called a one-time password. -
Open Source
Software whose source code is published in readable form under a license that allows anyone to inspect, modify and redistribute it is referred to as open source.

P
-
Passphrase
A passphrase is a sequence of words strung together used as a password while being easy to remember. -
Password
A password is a key in the form of "something the user knows" that gives access to digital accounts, devices, or information. -
Password Generator
By using a password generator, strong passwords can be created. -
Password Manager
A password manager is a tool that securely stores and manages a user’s login credentials. -
Password Reset
A password reset is the process of replacing a forgotten or compromised password with a new one. -
Password Spraying Attack
The attempt to gain unauthorized access to user accounts by trying a few commonly used passwords against many usernames or email addresses. -
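
As an added example serving the Brute Force Attack, Lock-out Functionality and Password Spraying entries (this is not code from the page or from Engity), the following Go program runs a small login monitor over a constructed authentication log. The line format, the thresholds and the IP addresses are all assumptions made for the example. It shows the two views a defender needs side by side: per-account counting, which locks an account that is being hammered, and a per-source view, which is the only one that notices a spray, because a spray keeps every single account under the lock-out threshold.

```go
package main

import (
	"fmt"
	"time"
)

const (
	window      = 10 * time.Minute // failures older than this no longer count
	maxFailures = 3                // per account inside the window, then lock
	lockout     = 15 * time.Minute // temporary: a permanent lock is a DoS lever
	sprayUsers  = 3                // distinct accounts failed from one source
)
type Event struct {
	At        time.Time
	User, Src string
	Failed    bool
}

// ParseEvent reads a constructed line "<RFC3339> user=<u> src=<ip> result=<fail|success>".
func ParseEvent(line string) (Event, error) {
	var ts, res string
	var ev Event
	if _, err := fmt.Sscanf(line, "%s user=%s src=%s result=%s", &ts, &ev.User, &ev.Src, &res); err != nil {
		return Event{}, fmt.Errorf("unexpected line %q: %w", line, err)
	}
	at, err := time.Parse(time.RFC3339, ts)
	if err != nil {
		return Event{}, err
	}
	ev.At, ev.Failed = at, res == "fail"
	return ev, nil
}
type Monitor struct {
	failures map[string][]time.Time     // user -> failure times inside the window
	lockedTo map[string]time.Time       // user -> lock expiry
	bySrc    map[string]map[string]bool // src -> accounts it has failed against
}

// Observe feeds one event and returns the alerts it raises.
func (m *Monitor) Observe(ev Event) (alerts []string) {
	if until, ok := m.lockedTo[ev.User]; ok && ev.At.Before(until) {
		return []string{"rejected: " + ev.User + " is locked until " + until.Format(time.RFC3339)}
	}
	if !ev.Failed {
		delete(m.failures, ev.User) // a successful login resets the counter
		return nil
	}
	cutoff := ev.At.Add(-window)
	recent := m.failures[ev.User][:0] // forget failures outside the window
	for _, t := range m.failures[ev.User] {
		if t.After(cutoff) {
			recent = append(recent, t)
		}
	}
	m.failures[ev.User] = append(recent, ev.At)
	if len(m.failures[ev.User]) >= maxFailures {
		m.lockedTo[ev.User] = ev.At.Add(lockout)
		m.failures[ev.User] = nil
		alerts = append(alerts, "brute force: locking "+ev.User)
	}
	// Spraying: one source, many distinct accounts (a real system ages this set out too).
	if m.bySrc[ev.Src] == nil {
		m.bySrc[ev.Src] = map[string]bool{}
	}
	if !m.bySrc[ev.Src][ev.User] {
		m.bySrc[ev.Src][ev.User] = true
		if len(m.bySrc[ev.Src]) == sprayUsers {
			alerts = append(alerts, "password spraying from "+ev.Src)
		}
	}
	return alerts
}

// Analyze runs a log through one Monitor and collects every alert in order.
func Analyze(lines []string) ([]string, error) {
	m := &Monitor{map[string][]time.Time{}, map[string]time.Time{}, map[string]map[string]bool{}}
	var out []string
	for _, l := range lines {
		ev, err := ParseEvent(l)
		if err != nil {
			return nil, err
		}
		out = append(out, m.Observe(ev)...)
	}
	return out, nil
}

// SampleLog is constructed: 198.51.100.9 hammers alice (locked on the 3rd failure,
// 4th attempt rejected); 203.0.113.7 tries one password against three accounts.
var SampleLog = []string{
	"2024-05-01T10:00:00Z user=alice src=198.51.100.9 result=fail",
	"2024-05-01T10:00:05Z user=alice src=198.51.100.9 result=fail",
	"2024-05-01T10:00:09Z user=alice src=198.51.100.9 result=fail",
	"2024-05-01T10:00:14Z user=alice src=198.51.100.9 result=fail",
	"2024-05-01T10:01:00Z user=bob src=203.0.113.7 result=fail",
	"2024-05-01T10:01:02Z user=carol src=203.0.113.7 result=fail",
	"2024-05-01T10:01:04Z user=dave src=203.0.113.7 result=fail",
	"2024-05-01T10:02:00Z user=bob src=192.0.2.44 result=success",
}
func main() { fmt.Println(Analyze(SampleLog)) }
```

Run on the sample it reports the lock on alice, the rejected fourth attempt and the spray from 203.0.113.7, while bob, carol and dave each stay one failure below the per-account threshold. In production the per-source view is keyed on more than the IP (proxies and NAT share addresses), and the spray response is a rate limit or step-up to MFA rather than locking the targeted accounts, which would hand the attacker a denial of service.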
Password Strength Checker
A password strength checker is a tool that assesses the strength of a password, as the name suggests, typically from its length, the character classes it uses and whether it appears on lists of common or breached passwords.
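
As an added example covering the Passphrase, Password Generator and Password Strength Checker entries (not code from the page or from Engity), the following Go program generates passwords and passphrases from crypto/rand and rates arbitrary passwords the way a simple checker does. The character alphabet, the 16-word list and the four-entry blocklist are constructed stand-ins; real word lists have thousands of entries and real blocklists hundreds of millions.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
	"unicode"
)

// Alphabet for generated passwords: 62 alphanumerics plus 13 symbols (75 total).
const Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&*+-=?@^_"

// Wordlist is a constructed stand-in for a diceware-style list. Each word adds
// log2(list size) bits: 4 bits here, about 12.9 bits with a 7776-word list.
var Wordlist = []string{"anchor", "basil", "comet", "dune", "ember", "fjord", "glacier", "harbor",
	"iris", "juniper", "kelp", "lantern", "marble", "nectar", "orchid", "pebble"}

// randIndex draws a uniform index from crypto/rand; rand.Int avoids the modulo
// bias of a naive "random byte % n". math/rand is predictable and unsuitable.
func randIndex(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // no usable entropy source: never fall back to a weak one
	}
	return int(v.Int64())
}

// GeneratePassword draws every character independently and uniformly.
func GeneratePassword(length int) string {
	var sb strings.Builder
	for i := 0; i < length; i++ {
		sb.WriteByte(Alphabet[randIndex(len(Alphabet))])
	}
	return sb.String()
}

// GeneratePassphrase joins n random words: long and still memorable.
func GeneratePassphrase(n int, sep string) string {
	words := make([]string, n)
	for i := range words {
		words[i] = Wordlist[randIndex(len(Wordlist))]
	}
	return strings.Join(words, sep)
}

// EntropyBits estimates strength the way a simple checker does: length times
// log2 of the smallest character pool covering the password (26 lower, 26
// upper, 10 digits, 33 other printable ASCII). It overrates dictionary words
// and leetspeak such as "Tr0ub4dor&3", which is why Rate also uses a blocklist.
func EntropyBits(pw string) float64 {
	var lower, upper, digit, other bool
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			other = true
		}
	}
	pool := 0
	for _, c := range []struct{ on bool; size int }{{lower, 26}, {upper, 26}, {digit, 10}, {other, 33}} {
		if c.on {
			pool += c.size
		}
	}
	if pool == 0 {
		return 0
	}
	return float64(len([]rune(pw))) * math.Log2(float64(pool))
}

// Common is a constructed blocklist fragment; production checkers consult full
// breach corpora and reject any match regardless of the entropy estimate.
var Common = map[string]bool{"password": true, "123456": true, "qwerty": true, "letmein": true}

// Rate returns "weak", "fair" or "strong" from the blocklist and the estimate.
func Rate(pw string) string {
	if Common[strings.ToLower(pw)] {
		return "weak"
	}
	switch bits := EntropyBits(pw); {
	case bits < 40:
		return "weak"
	case bits < 70:
		return "fair"
	default:
		return "strong"
	}
}

func main() {
	pw, pp := GeneratePassword(16), GeneratePassphrase(5, "-")
	fmt.Printf("%s (%.0f bits, %s)\n%s (%.0f bits, %s)\n", pw, EntropyBits(pw), Rate(pw), pp, EntropyBits(pp), Rate(pp))
}
```

The two halves illustrate the gap a checker has to live with: the generator knows its own entropy exactly (log2(75) per character, log2(16) per word), whereas the checker sees only the final string and has to guess how it was produced.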
Privacy Shield I/II
The Privacy Shield was a legal framework for transfers of personal data from the EU to the US; the ECJ invalidated it in 2020 in the Schrems II judgement.

S
-
Safe Harbor
Safe Harbor was an inadequate tool for transferring personal data from the EU to the US. -
Scalability
The term scalability means the ability to adapt an IT installation or system. -
Schrems Ruling I/II
Schrems I and II are two judgements by the European Court of Justice (ECJ) that invalidated the transfer tools Safe Harbor and Privacy Shield. -
Server
Server, Data Center, Cloud Computer: the oil wells of the 21st century. -
Single Sign-on (SSO)
Single sign-on (or "SSO" in short) is a centralized authentication method that lets users access multiple applications or systems using a single set of login credentials. -
Standard Contractual Clauses (SCC)
Standard Contractual Clauses (SCCs) are a contractual tool enabling data transfers between the EU and third countries.
-
-
T
-
Technical and Organizational Measures (TOMs)
TOMs are technical and organizational measures to protect personal data and make data processing compliant to the GDPR. -
Transatlantic Data Privacy Framework - (TADPF)
The Transatlantic Data Privacy Framework (TADPF) is a mechanism to align differences in EU-US data protection standards that allows data transfers to the US. -
Transfer Impact Assessment (TIA)
A Transfer Impact Assessment (TIA) is a risk assessment regarding data transfers to third countries, in particular when SCC are being used as a transfer tool. -
Transport Layer Security (TLS) 1.2+
Transport Layer Security (TLS) is today the most commonly used security protocol for secure communication over the Internet.
-
-
U
-
US Cloud Act
The US Cloud Act is a law that gives American intelligence and law enforcement authorities wide-ranging access to personal data, including data of European citizens.
-