Skip to content

The terminology used by the ISO 29100 privacy framework arguably most closely aligns with the terminology used under the GDPR. The following chart provides a side-by-side comparison of commonly used terms and concepts as they appear in the European GDPR, the California CCPA, and the newly passed Virginia Consumer Data Protection Act.

ISO 29100 Europe GDPR California CCPA/CPRA Virginia
Personally identifiable information (PII) Personal data Personal information Personal data
PII controller Controller or Data Controller Business Controller
PII principal Data subject Consumer Consumer
PII processor Processor or Data processor Service Provider Processor
Processing Processing Processing Processing
Pseudonymization Pseudonymisation Psudonymization Pseudonymous data
Sensitive PII Special category Sensitive personal information Sensitive data