On this page, you can find a concise definition of terms concerning data protection. 

Hint: use CTRL + F (Windows) or 'COMMAND + F' (Mac) to find the term you are looking for more easily. 


What is...? 

  • General Data Protection Regulation (GDPR): The General Data Protection Regulation (GDPR) is the new European privacy legislation, concerning the management and the security of personal data of European citizens. 
  • GDPR compliance: to have complied with, and to stay in compliance with the new European privacy regulation. 
  • DPIA’s (Data protection impact assessments): A DPIA is a process that has the object to evaluate the risks concerning the rights and freedoms of natural persons, and the possibilities to control those risks.
  • Data Protection Authority (DPA): A DPA is an independent public authority, on EU member state level, that supervises the application of the applicable data protection laws. 
  • Data breach: a violation of the security of sensitive personal data, that leads to the destruction, the loss, the amendment or the unauthorised acces to sent, stored or otherwise processed data. 
  • Gap analysis: A gap analysis is the comparison of the achieved results, or the current situation, with the predetermined goals or the desired situation. The difference between both is 'the gap'. 
  • GDPR SPOC: A GDPR SPOC (or Single Point of Contact) is a person (or department) who serves as coordinator or  die dienst doet als coördinator or contact point for everything concerning GDPR. 

    Read more about our GDPR services

    Here you can find our article with the most important definitions that are included in the GDPR. 


  • Data Protection Officer (DPO): A Data Protection Officer (DPO) is a functionary who controls is all data is properly stored, used and shared. 

    Read more about our DPO services.


  • ISO27001: an international standard, published by the International Standardisation Organisation (ISO), that describes how information security can be managed in a company. ISO 27001 can be implemented in all sorts of organisations; profit or non-profit, private or state-owned, small or large. It is written by the world’s best experts in the area of information security, and it provides the methodology for the implementation of information security in an organisation. Certification is not an obligation, but the measures can be used as a reference framework for a.o. GDPR compliance.
  • Information security management system (ISMS): a set of policies and procedures to systematically manage the confidential information of a company. An information security management system (ISMS) is part of a general management system in companies, and facilitates information security.
  • Cyber security: the protection of computer systems / networks / programs against unauthorised access or theft and damage to hardware, software or information.
  • Ethical hacking: the mapping op weaknesses and vulnerabilities in computer- and information systems, by copying the intents and actions of malicious hackers.
  • COBIT 5 (Control Objectives for Information and Related Technologies): a framework published by ISACA (Information Systems Audit and Control Association), with which you can effectively and efficiently structure an IT organisation, or screen an existing IT organisation. COBIT is focused on the strategy, control and management of IT processes. With COBIT, you can determine whether the IT organisation is ‘in control’ or not. COBIT provides a list of measures fort he management and auditors, based on which they can guide the IT organisation.
  • Security architecture: Security architecture is a security design that maps the needs and potential risks of a certain scenario or a certain environment, and specifies where and when security checks need to be applied.
  • Endpoint security: the protection of company details on devices of the end user (e.g. mobile, laptop, tablet, etc.) to avoid damage when the device falls into the wrong hands.
  • Application security: Application security is the use of software, hardware and procedures to protect applications agains external threats. 
  • Cloud security: Cloud security ensures control on different levels in the network infrastructure, to guarantee the continuity and protection of cloud-based assets, such as websites and web applications.

    Read more about our ISO27001 services.