Article 4 provides key definitions of important terms used throughout the regulation. These definitions help ensure that everyone interprets and applies the law consistently and correctly.
It defines key concepts such as personal data, processing, data subject, controller, processor, and consent. For example, personal data includes any information that can identify a person, directly or indirectly, such as names, email addresses, IP addresses, or ID numbers.
By clearly defining these terms, Article 4 removes confusion and creates a common understanding, helping organisations comply properly and individuals understand their rights.
| Term / Point | Definition / Summary | Notes / Examples |
|---|---|---|
| Personal data | Any information relating to an identifiable person. | Names, email addresses, phone numbers, IP addresses. |
| Processing | Any operation performed on personal data, manual or automated. | Collecting, storing, using, sharing, deleting, analysing. |
| Data subject | The individual whose personal data is being processed. | The customer, user, employee, or patient. |
| Controller | The person or organisation determining the purposes and means of processing. | Company deciding why and how personal data is used. |
| Processor | The person or organisation processing data on behalf of a controller. | Cloud storage provider, payroll service, IT contractor. |
| Consent | Freely given, specific, informed, and unambiguous agreement by the data subject. | Ticking a checkbox for marketing emails after being informed. |
Article 1 – Article 2, Article 3, Article 4, Article 5, Article 6, Article 7 , Article 8