
A Glossary of GDPR terms

Here are some of the key terms and definitions used in relation to the GDPR.



Processing data into a form in which identification is not possible even with additional information. This kind of data is no longer personal information.

See also Pseudonymisation.

Automated individual decision-making and profiling

Profiling is the automated processing of personal data to analyse or predict personal aspects such as economic situation, purchasing behaviour, health, performance at work, or other behaviour.

In the case of a negative bank loan decision, for example, the data subject has the right to contest the automated decision and demand that it be reviewed by a natural person.

Automated individual decision-making and profiling may not make use of special categories of data, such as ethnicity, political views or religious beliefs, except in specific and exceptional circumstances.

See also Special categories of personal data.




The supervisory authority can impose warnings or reprimands, sanctions, a ban on data processing, or administrative fines on data controllers for non-compliance.

The amount of the administrative fine is decided case by case and depends on many factors, such as the gravity and intentionality of the violation. According to the GDPR, it must be effective, proportionate and dissuasive.

This means that the fine for a similar violation may vary from €10 000 to €500 000 and even to €50 million, depending on the circumstances.

The maximum fine for lower-level infringements is €10 million. Companies with a worldwide annual turnover of €500 million or more, however, may be fined up to 2% of their annual turnover for the prior financial year.

The maximum fine that can be imposed for serious infringements of the GDPR is twice as high: the greater of €20 million or 4% of an undertaking’s worldwide turnover for the preceding financial year.

See also Supervisory authority.