Data Protection Impact Assessment

Definition

A structured process required under GDPR Article 35 to identify, assess, and mitigate privacy risks arising from data processing activities that are likely to result in high risk to individuals. DPIAs are mandatory before deploying new technologies, large-scale profiling, or processing sensitive personal data, and must document the necessity, proportionality, and safeguards of the proposed processing.

Complementary Terms

Concepts that frequently appear alongside Data Protection Impact Assessment in practice.

Whistleblower Protection

Legal safeguards that protect individuals who report illegal, unethical, or dangerous activities within organisations from retaliation, including dismissal, demotion, or harassment. In the EU, the Whistleblower Protection Directive (2019/1937) requires companies with 50+ employees to establish internal reporting channels, while the UK's Public Interest Disclosure Act 1998 provides employment tribunal remedies.

Third-Party Data

Data collected by entities that do not have a direct relationship with the individuals whose data is being gathered, typically aggregated from multiple sources and sold to other organisations for marketing, analytics, or enrichment purposes. The value and availability of third-party data have declined sharply due to privacy regulations (GDPR, CCPA), browser restrictions on third-party cookies, and growing consumer demand for data transparency.

First-Party Data

Data collected directly by an organisation from its own customers, users, or audience through owned channels such as websites, apps, CRM systems, transactions, and surveys. First-party data is considered the most valuable data category because it is collected with consent, is unique to the organisation, and provides direct insight into customer behaviour and preferences.

Zero-Party Data

Data that a customer intentionally and proactively shares with a business, including preferences, purchase intentions, communication choices, and personal context. Unlike first-party data (which is observed from behaviour), zero-party data is explicitly volunteered through mechanisms such as preference centres, surveys, quizzes, and account settings.

Synthetic Data

Artificially generated data that mimics the statistical properties of real-world datasets, used to train machine learning models when actual data is scarce, sensitive, or expensive to obtain. Synthetic data enables AI development in privacy-constrained domains such as healthcare and finance, while reducing data acquisition costs and regulatory exposure.

Data Lineage

The documented lifecycle of data as it moves through an organisation's systems, showing its origin, transformations, dependencies, and destinations. Data lineage provides visibility into how data is created, processed, and consumed, enabling organisations to ensure data quality, comply with regulatory requirements (particularly GDPR's right to explanation), debug data pipeline issues, and assess the impact of system changes.

Anti-Dilution Protection

A clause in an investment agreement that protects existing investors from ownership dilution if the company raises a subsequent round at a lower valuation (a down round). Common mechanisms include full ratchet and weighted-average anti-dilution.

Useful Life Assessment

The process of determining the period over which an intangible asset is expected to contribute to the cash flows of an entity, which governs the amortisation period under IAS 38 and ASC 350. Useful life may be finite (based on contractual, legal, regulatory, technological, or economic factors) or indefinite (when there is no foreseeable limit to the period over which the asset will generate net cash inflows).
