Glossary of GDPR Related Terms

The General Data Protection Regulation (GDPR) still applies in the UK and so it's important for all UK businesses and organisations to remain compliant. Our glossary of GDPR-related terms aims to help you quickly and easily learn (or refresh your memory of) some of the most common related terms:

Accountability

Organisations that collect and process data are responsible for handling it correctly and complying with the UK GDPR, as well as being able to demonstrate their compliance. Accountability is one of the key principles in data protection law

Data Breach

When personal data held by an organisation has been lost, accidentally destroyed, altered without proper permission, damaged or disclosed to someone it shouldn’t have been. Personal data breaches can have serious consequences for the people who are identifiable in the data

Data Controller

A data controller determines the purposes and means of processing personal data. Even when a separate entity is processing the data, controllers must ensure their contracts with processors comply with the UK GDPR

Data Processor

A data processor is responsible for processing personal data on behalf of a data controller. Processors have specific legal obligations under UK GDPR and have legal liability if they are responsible for a breach

Data Subject

An identifiable person from or about whom data has been collected. They’re the ‘subject’ of that data e.g. customers, employees, service users (the term only relates to people who are alive)

DPA 2018 - Data Protection Act

The UK’s data protection framework (alongside the UK GDPR). It sets out a general processing regime, a separate regime for law enforcement authorities, and a separate regime for the three intelligence services

DPIA - Data Protection Impact Assessments

A process to help organisations identify and minimise the data protection risks of a project

DPO - Data Protection Officer

Public authorities/bodies and organisations that carry out certain types of processing activities have a duty, under the UK GDPR, to appoint a data protection officer. DPOs assist organisations with monitoring internal compliance, advise on data protection obligations and act as a point of contact for data subjects and the ICO

DPL/DPM - Data Protection Lead/Manager

A data protection lead/manager is someone appointed to offer advice on data protection and be well informed about GDPR within an organisation. It’s a more reactive role compared to a DPO and isn’t a necessary requirement under the UK GDPR

DSAR - Data Subject Access Request

A Data Subject Access Request, also known as a Subject Access Request (SAR), is a request by an individual for personal information held by an organisation, which will be either a Data Processor or Data Controller.

You can learn more about Data Subject Access Requests here

GDPR - General Data Protection Regulation

The EU’s agreed standards for data protection, written into UK law through the Data Protection Act 2018 (DPA 2018). Following the UK’s exit from the EU, the GDPR has been retained in UK law as the UK GDPR

You can learn more about GDPR in our Beginners Guide to GDPR

ICO - Information Commissioner’s Office

The ICO is the UK's official organisation responsible for implementing the GDPR and upholding information rights in the UK

Personal Data

Information that relates to an identified or identifiable individual e.g. name, phone number, email address, IP address, cookie identifier

Right of Access

The right of individuals, under the UK GDPR, to access and receive a copy of their personal data, and other supplementary information

Rights In Relation To Automated Decision Making & Profiling

The right of individuals, under the UK GDPR, to request visibility as to what personal data is stored (being ‘processed’) by organisations and how it is being used by them

The Right To Be Informed

The right of individuals, under the UK GDPR, to be informed about the collection of their personal data and what it will be used for at the time of collection, or within a reasonable timeframe

The Right To Data Portability

The right of individuals, under the UK GDPR, to obtain and reuse their personal data for their own purposes across different services

The Right To Erasure

The right of individuals, under the UK GDPR, to have their personal data erased (also known as ‘the right to be forgotten’)

The Right To Object

The right of individuals, under the UK GDPR, to object to the processing of their personal data (in certain circumstances)

The Right To Rectification

The right of individuals, under the UK GDPR, to request to have inaccurate personal data rectified, or completed if it is incomplete

The Right To Restrict Processing

The right of individuals, under the UK GDPR, to request the restriction or suppression of their personal data (when processing is restricted, organisations are allowed to store the data, but not use it)

Want to learn more?

We've put together a great beginner's guide to GDPR, which provides a quick and easy way to learn some of the important and fundamental basics.

Databasix UK Ltd
is a registered company in England & Wales
Registration No. 08771007