The terminology used by the ISO 29100 privacy framework arguably most closely aligns with the terminology used under the GDPR. The following chart provides a side-by-side comparison of commonly used terms and concepts as they appear in the European GDPR, the California CCPA, and the newly passed Virginia Consumer Data Protection Act.
ISO 29100 | Europe GDPR | California CCPA/CPRA | Virginia VCDPA |
Personally identifiable information (PII) | Personal data | Personal information | Personal data |
PII controller | Controller or Data Controller | Business | Controller |
PII principal | Data subject | Consumer | Consumer |
PII processor | Processor or Data processor | Service Provider | Processor |
Processing | Processing | Processing | Processing |
Pseudonymization | Pseudonymisation | Psudonymization | Pseudonymous data |
Sensitive PII | Special category | Sensitive personal information | Sensitive data |