The terminology used by the ISO 29100 privacy framework arguably most closely aligns with the terminology used under the GDPR. The following chart provides a side-by-side comparison of commonly used terms and concepts as they appear in the European GDPR, the California CCPA, and the newly passed Virginia Consumer Data Protection Act.
| ISO 29100 | Europe GDPR | California CCPA/CPRA | Virginia VCDPA |
| Personally identifiable information (PII) | Personal data | Personal information | Personal data |
| PII controller | Controller or Data Controller | Business | Controller |
| PII principal | Data subject | Consumer | Consumer |
| PII processor | Processor or Data processor | Service Provider | Processor |
| Processing | Processing | Processing | Processing |
| Pseudonymization | Pseudonymisation | Psudonymization | Pseudonymous data |
| Sensitive PII | Special category | Sensitive personal information | Sensitive data |