GDPR Article 4: Definitions

All 99 Articles Chapter 1: General Provisions

The dictionary of the GDPR — defining 'personal data', 'processing', 'controller', 'processor', 'consent', 'pseudonymisation', 'profiling' and more. Almost every other article depends on these terms.

Key points

'Personal data' is any information relating to an identified or identifiable person.
A 'controller' decides the why and how of processing; a 'processor' acts on the controller's behalf.
'Consent' must be a freely given, specific, informed and unambiguous indication of the person's wishes.

Read the official text on EUR-Lex

5Principles relating to processing of personal data 6Lawfulness of processing 28Processor 1Subject matter and objectives 2Material scope 7Conditions for consent

Learn the context

These summaries are a plain-English orientation only and are not a substitute for the official text of the Regulation or for legal advice.

Need to apply Article 4?

Our data-protection lawyers turn the text into a plan.

Talk to a lawyer

Back to all articles

Article 4 — Definitions

Key points

Related articles