Let’s get to grips with demystifying the General Data Protection Regulation with our terms glossary
Biometric Data
This is data that enables the identification of a data subject. It can include behavioral and physical characteristics of that person.
Controller
The data controller is the owner of the personal data. They decide what is done with that data, it’s purpose and who processes it.
Consent
This is when we give the data subject the opportunity to allow or deny us the permission to use their personal data. It needs to be clear what the data is going to be used for and should be as easy to revoke that consent as it is to give it.
Data Protection Officer
The DPO is an independent expert who ensure that a business is following the rules set out in the GDPR.
Encryption
Encryption is a method of ensuring the confidentiality and integrity of an instance of data. It works by translating that information into seemingly random code, preventing it from being read by anyone without the decryption key.
Filing System
This is a set of personal data that has been well structured enough to enable it to be searched through to identify an individual.
Genetic
Genetic data concern the information held on a subject that can be identified through their genes. This can include inherited health issues and practicalities.
Health Data
Personal data that includes a subject’s mental and physical health, as well as any health services they access.
Portability
This is when the data subject can request a copy of the data that is being held on them and can pass that data to another party.
Processor
The data processor is the entity that processes personal data for the controller. This can be an analytics provider or marketing email company.
Privacy by Design
This is a term used to describe the approach that is taken right at the start of a project or plan, that ensures the privacy of its users is secure. This reduces the need to make further changes down the line to satisfy this need.
Right to be Forgotten
This is also sometimes referred to in the GDPR as data erasure. A data subject can request that personally_identifiable_information”>personal information stored on them be deleted. This can include items that are posted online by the subject themselves, as well as use of that data by third parties.
The Subject
Also known as the Data Subject refers to the individual that you are holding personal data on.