Glossary of terms used on this site

One of the six legal bases for processing personal data outlined by the General Data Protection Regulation is processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

A fair information practices principle and a piece of many privacy and data protection regulations, this is the principle that the purposes for which personal data are collected should be specified no later than at the time of data collection and the subsequent use of that personal data is limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified to the individual on each occasion of change of purpose, or for which there is a further legal basis that would not require notification.

The right of rectification is the right to obtain from the controller the rectification without delay of inaccurate or incomplete personal data. To exercise the right of rectification, the data subject usually has to write to the controller of the processing operation. By way of illustration, if you need to change your personal address or if you find that information about you is inaccurate, you should exercise your right of rectification by contacting the controller who holds these data.

Data retention refers to all obligations on the part of controllers to retain personal data for certain purposes. To limit how long you keep personal data is part of data minimisation. The rule of thumb is "as long as necessary, as short as possible", although sometimes legal rules may impose fixed periods. Data that are no longer retained cannot fall into the wrong hands, nor be abused, meaning that defining and enforcing limited conservation periods helps to protect the people whose data are processed.

The right of an individual to inspect all personal data relating to them held by a data controller in an intelligible and, as far as is practicable, permanent format.

An individual

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future. This right can only be exercised where- - their accuracy is contested by the data subject, enabling though the controller to verify the accuracy, including the completeness of the data; - or the processing is unlawful and the data subject opposes their erasure and demands their restriction of processing instead. - or the controller no longer needs them for the accomplishment of its tasks but they have to be maintained for purposes of proof; - or the data subject has objected to processing to Article 23(1) pending the verification whether the legitimate grounds of the controller override those of the data subject. Personal data restricted can only be processed with the data subject's consent, for purposes of proof, or for the protection of the rights of a third party, or for reasons of important public interest of the Union or of a Member State.

Personal data containing information relating to an individual’s; racial and ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, or criminal history.

 

Personal data containing information relating to an individual’s; racial and ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, or criminal history.

The request of an individual to a data controller to exercise their right of access. The data controller must produce the requested information in an intelligible and, as far as is practicable, permanent format.

Any person other than; the data subject, the data controller, any data processor or other person authorised to process data for the data controller or processor, or any employee or agent of the data controller or data processor.

The movement of personal data from one organisation to another. This could also relate to the international transfer of data.

Taking appropriate measures to provide any information relating to processing to the data subject in a concise, intelligible and easily accessible form, using clear and plain language.

Although not defined in the Data Protection Act, the Information Commissioner has advised that "vital interests" should be interpreted as relating to life and death situations: e.g. the disclosure of a data subject's medical details to a hospital casualty department after a serious accident.