A-Z of data protection - G is for ...

A-Z of data protection: terms you need to know

G

gap analysis
• An analysis which identifies the “gap” between the capability of an organisation’s data privacy management programme and what is actually required by its business operations. The “gap” is identified during an assessment or audit.
• The scope of the gap analysis includes, but is not limited to, management tools, hardware, operating systems, administrator expertise and outsourced services.

General Data Protection Regulation (GDPR) 
• The data protection regulation in the EU which sets the guidelines for the collection, processing, and free movement of personal data.  The GDPR provides a common set of rules for all people in the EU and the European Economic Area (EEA).  It also applies to any organisation around the world, as long as it targets or collects data related to people in the EU.

Governance / Corporate Governance (GRC context)
• The act of externally directing, controlling and evaluating an entity, process or resource (OCEG definition).

Governance, Risk, and Compliance (GRC)
• Coined by the Open Compliance and Ethics Group (OCEG), GRC refers to the integrated collection of capabilities that enable an organisation to reliably achieve objectives, address uncertainty, and act with integrity.

Grey-hat hacking
• A hybrid of black-hat and white-hat hackers, grey-hat hackers hack without an organisation’s permission, but reveal the flaws they discover to the organisation afterwards. They may offer a solution to the flaw and charge a fee.