🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 4 of the GDPR: what should we remember?

Home GDPR articles decrypted Article 4 of the GDPR: what should we remember?
Article 4 of the GDPR brings together all of the fundamental definitions used in the regulations. Understanding these terms is essential to correctly interpret your obligations and responsibilities in the management of personal data.

Article 4 of the GDPR explained

This article defines no less than 26 essential terms of the GDPR, including:

  • Personal data: any information relating to an identified or identifiable natural person.
  • Treatment: any operation or set of operations applied to data (collection, recording, organization, modification, etc.).
  • Data controller: the person or entity who determines the purposes and means of the processing.
  • Subcontractor: entity that processes data on behalf of the controller.
  • Consent, profiling, pseudonymization, etc.

These definitions make it possible to understand the other articles and to speak the same language as the supervisory authorities (such as the CNIL).

Why is this article important for your GDPR compliance?

Without mastering the definitions in Article 4, you risk misinterpret your obligations, or not knowing whether an action constitutes data processing.

It is also crucial for train your teams and write your internal policies clearly and in compliance with the GDPR.

How to comply with Article 4 of the GDPR?

  • Familiarize yourself with the 26 definitions from article 4.
  • Use these definitions in your documentation: processing register, confidentiality policy, contracts.
  • Ensure that all internal stakeholders and partners use the same definitions to avoid ambiguity.

Examples of application of Article 4 of the GDPR

  • A company identifies a user via their IP address: this falls within the definition of personal data.
  • A web agency hosting a client site with contact forms is a subcontractor according to article 4.
  • A company that segments its customers based on their online behavior carries out an operation profiling.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

👉 Request a demo with an expert

⚡ Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.
👉 GDPR: Self-assess now

Other articles
on the same subject