Glossary for Identity Management, Data Privacy and GDPR-compliance

An adequacy decision confirms that a third country has a level of data protection comparable to that of the EU.

Infringement of applicable data protection rules and regulations does not only result in liability to any person having suffered damages but may also cause the imposition of penalties and administrative fees by the supervisory authorities.

Advanced Encryption Standard (AES256) is a way of encrypting data so that unauthorized people cannot read it.

Engity stores passwords (and other secrets) using this award-winning hashing algorithm, which is currently one of the securest known algorithms for that purpose.

Businesses rely on their processes to deliver services or products to their customers and, in fact, to do anything at all.

The Cookie Consent informs users of a website or service about how cookies are used on the site and asks for informed consent.

Most organizations, be it businesses, associations, corporations, or institutions, cannot handle all their processing of personal data fully in-house.

Data Protection is the idea of preventing the misuse of personal data.

The idea of a Data Protection Audit is to make sure that an organization is in compliance with the applicable privacy regulation and the data protection policies and procedures work as planned.

The job of a Data Protection Officer (short: DPO) is to make sure that a business or organization processes personal data only according to the applicable data protection rules and regulations.

A Data Transfer is a transfer of personal data from one person or organization to another.

When Engity signs issued tokens (for JWT, HTTPS, …), we use either the Elliptic Curve Digital Signature Algorithm (ECDSA, with SHA-512) or Edwards-curve Digital Signature Algorithm (EdDSA with Ed25519; depending on support by devices).

The General Data Protection Regulation, short GDPR, is the EU's data privacy and security law.

In Identity and Access Management (IAM), an identity is a representation of a user with certain access right to resources.

Organizations need to know who their (internal and external) users are, which resources they can access, and what rights they have.

An Identity Provider (IdP) provides authentication and authorization services for users.

The GDPR aims to be not just a set of rules on paper.

The location of computers, servers, and data centers is a central topic when thinking about the compliance of personal data processing.

The Privacy Shield is a legal framework addressing transfers of personal data between the EU and the US.

Safe Harbor was an inadequate tool for transferring personal data from the EU to the US.

Schrems I and II are two judgements by the European Court of Justice (ECJ) that invalidated the transfer tools Safe Harbor and Privacy Shield.

Server, Data Center, Cloud Computer: the oil wells of the 21st century.

Standard Contractual Clauses (SCCs) are a contractual tool enabling data transfers between the EU and third countries.

A Transfer Impact Assessment (TIA) is a risk assessment regarding data transfers to third countries, in particular when SCC are being used as a transfer tool.

Transport Layer Security (TLS) is today the most commonly used security protocol for secure communication over the Internet.

The US Cloud Act is a law that gives American intelligence and law enforcement authorities wide-ranging access to personal data, including data of European citizens.