Glossary of GDPR Related Terms

The General Data Protection Regulation (GDPR) still applies in the UK and so it's important for all UK businesses and organisations to remain compliant. Our glossary of GDPR-related terms aims to help you quickly and easily learn (or refresh your memory of) some of the most common related terms:


Accountability

Organisations that collect and process data are responsible for handling it correctly and complying with the UK GDPR, as well as being able to demonstrate their compliance. Accountability is one of the key principles in data protection law

Data Breach

When personal data held by an organisation has been lost, accidentally destroyed, altered without proper permission, damaged or disclosed to someone it shouldn’t have been. Personal data breaches can have serious consequences for the people who are identifiable in the data

Data Controller

A data controller determines the purposes and means of processing personal data. Even when a separate entity is processing the data, controllers must ensure their contracts with processors comply with the UK GDPR

Data Processor

A data processor is responsible for processing personal data on behalf of a data controller. Processors have specific legal obligations under UK GDPR and have legal liability if they are responsible for a breach

Data Subject

An identifiable person from or about whom data has been collected. They’re the ‘subject’ of that data e.g. customers, employees, service users (the term only relates to people who are alive)

DPA 2018 - Data Protection Act

The UK’s data protection framework (alongside the UK GDPR). It sets out a general processing regime, a separate regime for law enforcement authorities, and a separate regime for the three intelligence services

DPIA - Data Protection Impact Assessments

A process to help organisations identify and minimise the data protection risks of a project

DPO - Data Protection Officer

Public authorities/bodies and organisations that carry out certain types of processing activities have a duty, under the UK GDPR, to appoint a data protection officer. DPOs assist organisations with monitoring internal compliance, advise on data protection obligations and act as a point of contact for data subjects and the ICO

DPL/DPM - Data Protection Lead/Manager

A data protection lead/manager is someone appointed to offer advice on data protection and be well informed about GDPR within an organisation. It’s a more reactive role compared to a DPO and isn’t a necessary requirement under the UK GDPR

DSAR - Data Subject Access Request

A Data Subject Access Request, also known as a Subject Access Request (SAR), is a request by an individual for personal information held by an organisation, which will be either a Data Processor or Data Controller.

You can learn more about Data Subject Access Requests here

GDPR - General Data Protection Regulation

The EU’s agreed standards for data protection, written into UK law through the Data Protection Act 2018 (DPA 2018). Following the UK’s exit from the EU, the GDPR has been retained in UK law as the UK GDPR

You can learn more about GDPR in our Beginners Guide to GDPR

ICO - Information Commissioner’s Office

The ICO is the UK's official organisation responsible for implementing the GDPR and upholding information rights in the UK

Personal Data

Information that relates to an identified or identifiable individual e.g. name, phone number, email address, IP address, cookie identifier

Right of Access

The right of individuals, under the UK GDPR, to access and receive a copy of their personal data, and other supplementary information

Rights In Relation To Automated Decision Making & Profiling

The right of individuals, under the UK GDPR, to request visibility as to what personal data is stored (being ‘processed’) by organisations and how it is being used by them

The Right To Be Informed

The right of individuals, under the UK GDPR, to be informed about the collection of their personal data and what it will be used for at the time of collection, or within a reasonable timeframe

The Right To Data Portability

The right of individuals, under the UK GDPR, to obtain and reuse their personal data for their own purposes across different services

The Right To Erasure

The right of individuals, under the UK GDPR, to have their personal data erased (also known as ‘the right to be forgotten’)

The Right To Object

The right of individuals, under the UK GDPR, to object to the processing of their personal data (in certain circumstances)

The Right To Rectification

The right of individuals, under the UK GDPR, to request to have inaccurate personal data rectified, or completed if it is incomplete

The Right To Restrict Processing

The right of individuals, under the UK GDPR, to request the restriction or suppression of their personal data (when processing is restricted, organisations are allowed to store the data, but not use it)

Want to learn more?

We've put together a great beginner's guide to GDPR which provides a quick and easy way to learn some of the important and fundamental basics.

The information and remarks provided in this article represent insight and guidance for best practice which is correct or valid or appropriate at time of publication.

Get Data Protection Services t/a Databasix
is a registered company in England & Wales.
Registration No. 15292208
