Anybody involved with data privacy matters has to deal with what can seem like an alphabet soup at times.
GDPR, CMP, PII, DPA, DPO... Are you familiar with all of them?
We compiled a selection of the data privacy acronyms you should know (for a downloadable cheat sheet including all 25 acronyms, scroll down to the bottom of the article).
Data protection regulations and laws
Some of the most commonly used acronyms in data privacy are actual laws and regulations. We won't include them all (check out our country guides to get your fill), but here are some you should definitely know about:
GDPR: General Data Protection Regulation (EU)
The GDPR is the landmark EU regulation that set the modern global benchmark for privacy laws. If there's one acronym (and regulation) you should know, it's probably this one.
CCPA: California Consumer Privacy Act / CPRA: California Privacy Rights Act (USA)
The U.S. counterpart to the GDPR, the CCPA was the first broad U.S. consumer privacy law (2018). It has since been amended by the CPRA, considered a “CCPA 2.0” that expands the sensitive-data rules and establishes a watchdog agency, the California Privacy Protection Agency or CPPA (yes, that's a lot of acronyms already).
HIPAA: Health Insurance Portability and Accountability Act (USA)
Another US-based law, HIPAA relates to health data privacy and security rules.
COPPA: Children’s Online Privacy Protection Act (USA)
Also in the United States, COPPA mandates verifiable parental consent for the data of users under 13 years old. Learn more in our article on underage users' privacy regulations.
Signal and transfer mechanism acronyms
Data privacy gets complex. Thankfully, various frameworks and mechanisms enable the compliant transfer of data and communication of user choices. Here are the key acronyms in this space:
TCF: Transparency and Consent Framework
The TCF is a framework created by IAB (another acronym you'll find later on in the article). It enables the sharing of user privacy choices with the advertising industry automatically through a standardized format. Learn everything you need to know about the TCF v2.2 in our guide.
GPP: Global Privacy Platform
GPP (Global Privacy Platform) is an IAB Tech Lab framework that supports the GDPR via the TCF and US regulations via state-specific or US national strings. It provides functionality similar to the TCF, but for multiple regions.
SCCs: Standard Contractual Clauses (EU) / IDTA: International Data Transfer Agreement (UK)
SCCs (Standard Contractual Clauses) and IDTA (International Data Transfer Agreement) are contractual safeguards that let organizations export personal data from the EEA or the UK to countries that lack an adequacy decision.
DPF: Data Privacy Framework
The DPF is the current mechanism orchestrating EU-US data transfers, replacing the Privacy Shield. At the time of writing this article, it’s under scrutiny for potential upcoming legal challenges. Learn more in our dedicated deep dive on the framework.
GPC: Global Privacy Control
GPC is a set of browser-level signals that communicate user privacy preferences automatically to websites.
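To make the signal concrete, here is an added example (not Didomi's code and not part of the original article) showing how a site can honor GPC on both sides: the server reads the Sec-GPC request header defined by the GPC specification and treats it as an opt-out of sale/sharing that overrides stored opt-in consent, the client reads navigator.globalPrivacyControl, and the site advertises support via /.well-known/gpc.json. The header object shape (lowercase names, Express-style), the stored-consent object and the sample requests are assumptions constructed for the example.

```javascript
// Added example, not from the original article or from Didomi.
// Assumes an Express-like request where header names are lowercase.

// The GPC spec defines exactly one valid field value for Sec-GPC: "1".
// Anything else (absent, "0", "true", ...) must not be read as an opt-out.
function hasGpcOptOut(headers) {
  const value = headers["sec-gpc"];
  return typeof value === "string" && value.trim() === "1";
}

// Combine the GPC signal with consent previously stored by a CMP
// (storedConsent shape is constructed for this example).
function effectivePermissions(headers, storedConsent) {
  const gpc = hasGpcOptOut(headers);
  return {
    gpcReceived: gpc,
    // GPC is an opt-out of sale/sharing and targeted advertising:
    // it overrides a stored opt-in but never grants anything new.
    saleOrSharing: gpc ? false : Boolean(storedConsent && storedConsent.saleOrSharing),
    targetedAds: gpc ? false : Boolean(storedConsent && storedConsent.targetedAds),
    // Strictly necessary processing is unaffected by GPC.
    necessary: true,
  };
}

// Response body for /.well-known/gpc.json, telling browsers and
// auditors that this origin honors the signal.
function gpcWellKnown(lastUpdate) {
  return { gpc: true, lastUpdate };
}

// Client side: scripts loaded later can read the same signal from the
// browser instead of waiting for a server round trip.
function clientGpcOptOut(nav) {
  return Boolean(nav && nav.globalPrivacyControl === true);
}

// Constructed sample requests for a quick self-check.
const optOutRequest = { "sec-gpc": "1", "user-agent": "constructed-agent/1.0" };
const plainRequest = { "user-agent": "constructed-agent/1.0" };
const storedOptIn = { saleOrSharing: true, targetedAds: true };

console.log(effectivePermissions(optOutRequest, storedOptIn));
console.log(effectivePermissions(plainRequest, storedOptIn));
```

Note that the GPC signal only restricts processing; a request without Sec-GPC still gets whatever the stored consent allows, and nothing more.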
Data protection roles, industry and supervisory bodies
Privacy regulations establish specific roles and organizations responsible for oversight and implementation. These are the main actors you should know:
DPA: Data Protection Authority
DPAs act as national regulators, with investigative/enforcement powers to enforce data protection laws and issue recommendations and guidelines. This category includes a myriad of acronyms in itself, from France's CNIL to California's CPPA, or the ICO in the UK.
DPO: Data Protection Officer
A DPO is an independent privacy lead, mandated by GDPR Articles 37-39 for many data controllers/processors.
EDPB: European Data Protection Board
The EDPB is an EU-wide body ensuring consistent GDPR interpretation and issuing guidance across the European Union.
IAB: Interactive Advertising Bureau
The IAB is an advertising trade association developing industry standards and frameworks for digital advertising.
Privacy and compliance solutions and tools acronyms
To implement privacy requirements, organizations rely on various technological solutions and assessment tools. Here are the essential ones:
CMP: Consent Management Platform
Born with the advent of the GDPR, CMPs centralize and manage user consent, communicating these choices to the rest of the advertising and technological chain.
Here's a useful list if you're in the market for one.
PETs: Privacy-Enhancing Technologies
PETs describe not one product but a toolkit, offering solutions like differential privacy, homomorphic encryption, secure enclaves, and more, used to analyze or share data without exposing raw PII (find more about that acronym further down).
PMP: Preference Management Platform
A Preference Management Platform allows organizations to create unique user experiences by collecting and managing valuable zero-party data.
DPIA: Data Protection Impact Assessment
A DPIA is an assessment companies can leverage to evaluate the privacy risks of their processing activities.
ROPA: Record of Processing Activities
A ROPA is a document required under Article 30 GDPR, establishing a log of the “who, what, why, where” of a company's data processing practices.
ACM: Advanced Compliance Monitoring
Didomi's Advanced Compliance Monitoring solution helps organizations scan their website for unauthorized tags, cookies, vendors, and more.
Core privacy concepts you should know
Acronyms within acronyms! Data privacy regulations and documentation are filled with concepts and ideas you should know about; here are some of the main ones.
SPI: Sensitive Personal Information
In the United States, Sensitive Personal Information (called "Sensitive Personal Data" or "special-category data" in the EU) covers the types of personal data singled out because "some types of personal data pose heightened risks to individuals if lost, stolen, or disclosed without authorization."
The exact categories vary by jurisdiction. For an exhaustive guide of SPI in the U.S., check out our dedicated article.
PII: Personally Identifiable Information
PII refers to any information that can be used to identify, contact, or locate an individual, either alone or combined with other data.
This includes direct identifiers (like names or emails) as well as indirect ones (like device IDs or location data).
DSAR/DSR: Data Subject Access Request
DSAR/DSR refers to individual rights requests, in which a person asks an organization to provide access to, delete, or correct their data.
We wrote a complete guide to DSARs where you can learn about them in detail, including how to handle them.
PbD: Privacy by Design
PbD is a concept and framework created by Ann Cavoukian, the former Information and Privacy Commissioner for Ontario, Canada.
It comprises a set of 7 principles for organizations to proactively incorporate privacy into the design specifications of IT systems and business processes. Learn more about why Privacy by Design matters for marketers.
Keep it all in one place: Data privacy acronym cheat sheet
For easy reference, download our free PDF cheat sheet (no email required) including all 25 privacy acronyms and their definitions:
