Third-Party Data

Data collected directly by an organisation from its own customers, users, or audience through owned channels such as websites, apps, CRM systems, transactions, and surveys. First-party data is considered the most valuable data category because it is collected with consent, is unique to the organisation, and provides direct insight into customer behaviour and preferences.

A secure, privacy-preserving technology environment that enables multiple parties to combine and analyse their datasets without either party gaining access to the other's raw data. Data clean rooms use cryptographic techniques, aggregation rules, and access controls to enable collaborative analytics while maintaining data privacy compliance.

The principle that data is subject to the laws and governance structures of the country in which it is collected or stored. Data sovereignty requirements affect cloud computing architecture, cross-border data transfers, and vendor selection, particularly in light of GDPR restrictions on transfers to countries without adequate data protection standards.

Data that a customer intentionally and proactively shares with a business, including preferences, purchase intentions, communication choices, and personal context. Unlike first-party data (which is observed from behaviour), zero-party data is explicitly volunteered through mechanisms such as preference centres, surveys, quizzes, and account settings.

A software system that creates a unified, persistent customer database accessible to other systems by collecting and integrating customer data from multiple sources — including CRM, website analytics, email, social media, transactions, and customer service interactions. CDPs resolve customer identities across channels and devices to build comprehensive individual profiles, enabling personalised marketing, customer journey orchestration, and advanced segmentation.

The framework of policies, standards, and processes that ensures data assets are managed consistently, securely, and in compliance with regulations throughout their lifecycle. Strong data governance increases the reliability and value of data as an intangible asset, directly supporting analytics, AI applications, and data monetisation strategies.

A structured process required under GDPR Article 35 to identify, assess, and mitigate privacy risks arising from data processing activities that are likely to result in high risk to individuals. DPIAs are mandatory before deploying new technologies, large-scale profiling, or processing sensitive personal data, and must document the necessity, proportionality, and safeguards of the proposed processing.

The documented lifecycle of data as it moves through an organisation's systems, showing its origin, transformations, dependencies, and destinations. Data lineage provides visibility into how data is created, processed, and consumed, enabling organisations to ensure data quality, comply with regulatory requirements (particularly GDPR's right to explanation), debug data pipeline issues, and assess the impact of system changes.