Article 4 of the GDPR: Key Definitions and Concepts for the Protection of Personal Data
Introduction
The General Data Protection Regulation (GDPR), which came into force in May 2018, marks a major turning point in the protection of personal data within the European Union. Article 4 of the GDPR plays an essential role by establishing the key definitions and fundamental concepts that govern data protection. Understanding these terms is crucial to ensure the correct implementation of the GDPR and to guarantee the confidentiality and security of individuals’ personal data.
The Key Definitions of Article 4
Personal Data
According to Article 4 of the GDPR, personal data is defined as any information relating to an identified or identifiable natural person. This may include elements such as name, address, telephone number, email address, IP address, advertising identifier, location data, and more. Personal data is therefore at the heart of the GDPR, and its processing is subject to strict rules to ensure the protection of individuals’ privacy.
Processing of Personal Data
Article 4 of the GDPR defines the processing of personal data as any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
This definition thus encompasses a wide range of actions undertaken with personal data, whether electronically or manually.
Data Controller
Article 4 of the GDPR defines the data controller as the natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In other words, the data controller is the entity that decides on the collection of data and how it will be used.
It is important to note that the data controller must comply with all GDPR requirements regarding the collection, use, and protection of personal data.
Data Processor
Article 4 of the GDPR defines the data processor as the natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the data controller. Data processors can include external service providers, cloud providers, and marketing agencies, among others.
It is essential that data processors follow the instructions of the data controller and take appropriate measures to protect personal data.
The Key Concepts of Article 4
The Principle of Data Minimization
The principle of data minimization is set out in Article 5 of the GDPR. It stipulates that personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
In other words, companies should only collect the personal data necessary to achieve the specific objective for which it is collected and should not retain this data longer than necessary.
For example, if a company wishes to send newsletters to its customers, it only needs their email address and does not need to collect any additional unnecessary personal information for that purpose.
Consent of the Data Subject
Article 6 of the GDPR states that the processing of personal data is lawful only if the data subject has given explicit consent for the processing of their data for specific purposes. Consent must be freely given, informed, specific, unambiguous, and provided by a clear affirmative action.
To obtain valid consent, companies must clearly inform data subjects of the purposes of the processing, how the data will be used, the rights they have over their data, and the possibility to withdraw their consent at any time.
Consent is therefore a fundamental element of the GDPR and a key aspect in ensuring the protection of personal data.
Rights of the Data Subjects
The GDPR grants data subjects a set of essential rights regarding their personal data. These rights include:
The right of access: Data subjects have the right to ask a company whether it processes their personal data and to obtain a copy of that data.
The right to rectification: Data subjects have the right to request the correction of inaccurate or incomplete personal data.
The right to erasure: Data subjects have the right to request the deletion of their personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
The right to data portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.
The right to object to processing: Data subjects have the right to object to the processing of their personal data under certain circumstances, such as when the processing is based on the legitimate interests of the data controller.
These rights enable individuals to exercise control over their personal data and protect their privacy.
Importance of Article 4 of the GDPR
Article 4 of the GDPR plays a fundamental role by providing clear definitions and establishing key concepts for the protection of personal data. By understanding these terms and principles, companies can ensure proper implementation of the GDPR, avoid the risks of non-compliance, and safeguard the confidentiality and security of individuals’ personal data.
By adhering to the requirements of Article 4 of the GDPR, companies build trust and transparency with their customers, enhance their reputation, and commit to an ethical approach to the processing of personal data.
In Brief
Article 4 of the GDPR plays a crucial role in protecting personal data within the European Union. By establishing clear definitions and key concepts, this article ensures a consistent and uniform approach to data protection across Europe.
Understanding these definitions and concepts is essential to ensure GDPR compliance, protect individuals’ privacy, and establish a relationship of trust with customers.
By implementing a privacy-respecting approach and protecting personal data, companies can distinguish themselves in an evolving digital landscape and strengthen their market position.