Under Law No. 6698 on the Protection of Personal Data, several key terms are defined to ensure a clear understanding of its provisions. These definitions are essential for the proper implementation and compliance with the law.

• Personal Data: Any information relating to an identified or identifiable natural person. Examples include a person’s name, ID number, contact information, and other identifiable characteristics like IP addresses or health records.
• Sensitive Personal Data: A specific subset of personal data that requires extra protection, such as information about a person’s race, ethnicity, political opinions, religious beliefs, health, sexual orientation, and criminal records.
• Processing: Any action taken with personal data, including collection, recording, storage, alteration, retrieval, disclosure, transfer, or deletion.
• Data Subject: The individual to whom the personal data belongs or relates.
• Data Controller: The natural or legal person, public institution, or body that determines the purposes and methods of processing personal data and is responsible for ensuring compliance with the law.
• Data Processor: A natural or legal person who processes personal data on behalf of the data controller, typically under a contractual agreement.
• Explicit Consent: Freely given, specific, and informed permission by the data subject for their personal data to be processed.
• Anonymization: The process of rendering personal data unidentifiable, so it can no longer be linked to an individual, even indirectly.

These definitions provide the groundwork for understanding the obligations and responsibilities of parties involved in data processing activities.