As the General Data Protection Regulation (GDPR) came into force on 25th May 2018, your business should be busy ensuring it complies with the new rules. But are you confident you understand the guidance? Decipher the jargon and get to grips with the key terminology with this Data Protection Glossary from Dennis Watkins & Co
Broadly defined as any information which is kept on record with the intention of being processed, filed or held.
It could be held on, or processed by, a computer or by hand on paper.
Any information relating to a person who can be directly or indirectly identified from it.
This could be a name, ID number, location data, or an online identifier such as a username or email address. The GDPR applies to both automated personal data and manual filing systems.
Sensitive Personal Data
“Special categories of personal data”, such as genetic and biometric data.
This type of data can be uniquely used to identify an individual. Personal data relating to criminal convictions and offences are not included.
“A data controller determines the purposes and means of processing personal data.”
Not all organisations have the same degree of responsibility when it comes to processing data. A data controller determines the reason data is processed, and how it is done, but may not necessarily carry out the processing themselves. The GDPR places obligations on data controllers to ensure their contracts with data processors comply with the GDPR.
“A data processer is responsible for processing personal data on behalf of a controller.”
This refers to any person who processes data on behalf of the data controller, other than an employee of the data controller. If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
In relation to information or data, processing refers to “obtaining, recording or holding the information or data” as well as carrying out any operation including; organisation, adaptation, alteration, retrieval, disclosure, dissemination, destruction, or use of the information.
Information Commissioner’s Office (ICO)
The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.