Glossary of terms used on this site

Search for glossary terms (regular expression allowed)
Term Main definition
Data Minimisation Principle
The principle of
Data Portability
the right to have their personal data returned to them in an electronic format by the data controller. They may then pass this data onto another controller. This will enable individuals to move to alternative service providers more easily
Data Processor
A person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Protection Authority
A term often used to refer to a supervisory authority, which is an independent public authority responsible for monitoring the application of the General Data Protection Regulation in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the European Union.
Data Protection by Default
The implementation of appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons. Such organisational measures could consist, inter alia, of minimising the processing of personal data, pseudonymising personal data as soon as possible, transparency with regard to the functions and processing of personal data, and enabling the data subject to monitor the data processing.
Data Protection by Design
data security and privacy compliance must be built into new organisational and technical systems during their development, not added in later. Only data that is determined as
Data Protection Impact Assessments
The controller shall carry out an assessment of the impact of the envisaged processing operations on the protection of personal data when a type of processing is likely to result in a high risk to the rights and freedoms of natural persons. This assessment has to be done prior to the processing and, in particular if using new technologies, has to take into account the nature, scope, context and purposes of the processing.
Data Protection Officer
Under the GDPR, some organisations need to appoint a data protection officer who is responsible for informing them of and advising them about their data protection obligations and monitoring their compliance with them.
Data Protection Policy
Data protection policies outline the basic contours of the measures an organization takes in the processing and handling of personal data. Key matters the policy should address include: Scope, which explains both to whom the internal policy applies and the type of processing activities it covers; Policy statement; Employee responsibilities; Management responsibilities; Reporting incidents; Policy compliance.
Data Protection Principles
Article 5 of the General Data Protection Regulation lists the principles as such: Lawfulness, fairness and transparency; Purpose limitation; Data minimisation; Accuracy; Storage limitation; Integrity and confidentiality.
Data Recipient
Any person to whom personal data are disclosed, including any person to whom they are disclosed in the course of processing the data for a Data Controller (for example, an employee of the data controller, a data processor or an employee of the data processor).
Data Subject
The identified or identifiable living individual to whom personal data relates.
Direct Marketing
The communication of advertising or marketing material directed to particular individuals.
Encryption
Is a means of preventing anyone other than those who have a key from accessing data, be it in an email, on a PC or on a storage device.
Erasure
Article 17(1) of the GDPR establishes that data subjects have the right to erasure of their personal data if: the data is no longer needed for its original purpose and no new lawful purpose exists; the lawful basis for the processing is the data subject
Fairness
Fairness means data subjects must be aware of the fact that their personal data will be processed, including how the data will be collected, kept and used, to allow them to make an informed decision about whether they agree with such processing and to enable them to exercise their data protection rights. Consent notices should not contain unfair terms and supervisory authority powers should similarly be exercised fairly.
Freely Given
The General Data Protection Regulation requires that consent be a freely given, specific, informed and unambiguous indication of the data subject
General Data Protection Regulation
The General Data Protection Regulation (GDPR) replaced the Data Protection Directive in 2018. The aim of the GDPR is to provide one set of data protection rules for all EU member states and the European Economic Area (EEA). The document comprises 173 recitals and 99 articles.
Genetic Data
means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question
ICO

Information Commissioner's Office, the UK data protection regulator.

https://ico.org.uk/

Search