Glossary of GDPR Related Terms
The General Data Protection Regulation (GDPR) still applies in the UK, in the form of the UK GDPR, so it’s important for all UK businesses and organisations to remain compliant. Our glossary of GDPR-related terms aims to help you quickly and easily learn (or refresh your memory of) some of the most common related terms:
Accountability
Organisations that collect and process personal data are responsible for handling it correctly and complying with the UK GDPR, and must also be able to demonstrate that compliance (for example through records of processing, policies and DPIAs). Accountability is one of the key principles of data protection law.
Data Breach
A personal data breach occurs when personal data held by an organisation has been lost, accidentally or unlawfully destroyed, altered without proper authorisation, damaged, or disclosed to or accessed by someone who shouldn’t have it. Personal data breaches can have serious consequences for the people who are identifiable in the data, and a breach that is likely to result in a risk to individuals must be reported to the ICO within 72 hours of the organisation becoming aware of it.
Data Controller
A data controller is the organisation (or person) that determines the purposes and means of processing personal data, i.e. why and how it is processed. Even when a separate entity processes the data on its behalf, the controller remains responsible for that processing and must ensure its contracts with processors contain the terms the UK GDPR requires.
Data Processor
A data processor processes personal data on behalf of, and on the documented instructions of, a data controller. Processors have their own specific legal obligations under the UK GDPR (for example to keep the data secure and to notify the controller of any personal data breach without undue delay) and can be held legally liable if they are responsible for a breach.
Data Subject
An identified or identifiable living individual to whom personal data relates. They’re the ‘subject’ of that data, e.g. customers, employees or service users. The term only relates to people who are alive; the UK GDPR does not cover information about the deceased.
DPA 2018 - Data Protection Act
The Data Protection Act 2018 is the UK’s data protection framework (alongside the UK GDPR). It sets out a general processing regime that supplements the UK GDPR, a separate regime for law enforcement authorities, and a separate regime for the three intelligence services.
DPIA - Data Protection Impact Assessments
A process that helps organisations identify and minimise the data protection risks of a project or new processing activity. Under the UK GDPR a DPIA is mandatory for processing that is likely to result in a high risk to individuals, and it should be completed before that processing begins.
DPO - Data Protection Officer
Public authorities and bodies, and organisations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special category or criminal offence data, have a duty under the UK GDPR to appoint a data protection officer. DPOs assist organisations with monitoring internal compliance, advise on data protection obligations and DPIAs, and act as a point of contact for data subjects and the ICO.
DPL/DPM - Data Protection Lead/Manager
A data protection lead or manager is someone an organisation appoints to offer advice on data protection and to stay well informed about the UK GDPR. It is a less formal, more reactive role than that of a DPO (it carries no statutory duties or independence requirements) and is not a requirement under the UK GDPR, although organisations that are not obliged to appoint a DPO often appoint one as good practice.
DSAR - Data Subject Access Request
A Data Subject Access Request, also known as a Subject Access Request (SAR), is a request by an individual to see the personal data an organisation holds about them and to receive a copy of it. The request is made to the data controller; a data processor that receives one should pass it to the relevant controller, which must normally respond within one month (extendable by up to two further months for complex or numerous requests).
You can learn more about Data Subject Access Requests here
GDPR - General Data Protection Regulation
An EU regulation (Regulation (EU) 2016/679), applicable from 25 May 2018, that sets the standards for protecting personal data. In the UK it is supplemented by the Data Protection Act 2018 (DPA 2018). Following the UK’s exit from the EU, the GDPR was retained in UK law, with amendments, as the UK GDPR.
You can learn more about GDPR in our Beginners Guide to GDPR
ICO - Information Commissioner’s Office
The ICO is the UK’s independent regulator (supervisory authority) for data protection. It enforces the UK GDPR and the DPA 2018, upholds information rights in the UK, and is the body to which notifiable personal data breaches and individuals’ complaints are reported.
Personal Data
Any information that relates to an identified or identifiable living individual, e.g. name, phone number, email address, IP address or cookie identifier. Information is personal data if the individual can be identified from it directly or indirectly, including in combination with other information the organisation holds or could reasonably obtain.
Right of Access
The right of individuals, under the UK GDPR, to confirm whether an organisation is processing their personal data, to access and receive a copy of that data, and to receive other supplementary information (such as the purposes of the processing, how long the data will be kept and who it is shared with). It is exercised by making a subject access request.
Rights In Relation To Automated Decision Making & Profiling
The right of individuals, under the UK GDPR, not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on them, unless the decision is necessary for a contract with them, authorised by law, or based on their explicit consent. Where such automated decisions are permitted, individuals must be able to obtain human intervention, express their point of view and contest the decision.
The Right To Be Informed
The right of individuals, under the UK GDPR, to be told who is collecting their personal data, what it will be used for and on what lawful basis, how long it will be kept and who it will be shared with. This information (usually provided in a privacy notice) must be given at the time of collection when the data is obtained directly from the individual, or within a reasonable period (and at the latest within one month) when it is obtained from another source.
The Right To Data Portability
The right of individuals, under the UK GDPR, to obtain the personal data they have provided to an organisation in a structured, commonly used and machine-readable format, and to reuse it for their own purposes across different services, including having it transmitted directly to another organisation where technically feasible. It applies only to data processed by automated means on the basis of consent or a contract.
The Right To Erasure
The right of individuals, under the UK GDPR, to have their personal data erased in certain circumstances, for example where the data is no longer needed for the purpose it was collected for, or where they withdraw the consent on which the processing relied (also known as ‘the right to be forgotten’).
The Right To Object
The right of individuals, under the UK GDPR, to object to the processing of their personal data in certain circumstances. The right is absolute where the data is used for direct marketing; where processing relies on legitimate interests or a public task, the organisation must stop unless it can demonstrate compelling legitimate grounds that override the individual’s interests, rights and freedoms.
The Right To Rectification
The right of individuals, under the UK GDPR, to have inaccurate personal data about them rectified, or completed if it is incomplete. Organisations must normally act on such a request within one month.
The Right To Restrict Processing
The right of individuals, under the UK GDPR, to request the restriction or suppression of the processing of their personal data in certain circumstances, for example while the accuracy of the data is being contested. When processing is restricted, the organisation may continue to store the data but may not otherwise use it.
Want to learn more?
We've put together a great beginners guide to GDPR which provides a quick and easy way to learn some of the important and fundamental basics.