Let’s get to grips with demystifying the General Data Protection Regulation with our terms glossary
This is data that enables the identification of a data subject. It can include behavioral and physical characteristics of that person.
The data controller is the owner of the personal data. They decide what is done with that data, it’s purpose and who processes it.
This is when we give the data subject the opportunity to allow or deny us the permission to use their personal data. It needs to be clear what the data is going to be used for and should be as easy to revoke that consent as it is to give it.
Data Protection Officer
The DPO is an independent expert who ensure that a business is following the rules set out in the GDPR.
Encryption is a method of ensuring the confidentiality and integrity of an instance of data. It works by translating that information into seemingly random code, preventing it from being read by anyone without the decryption key.
This is a set of personal data that has been well structured enough to enable it to be searched through to identify an individual.
Genetic data concern the information held on a subject that can be identified through their genes. This can include inherited health issues and practicalities.
Personal data that includes a subject’s mental and physical health, as well as any health services they access.
This is when the data subject can request a copy of the data that is being held on them and can pass that data to another party.
The data processor is the entity that processes personal data for the controller. This can be an analytics provider or marketing email company.
Privacy by Design
This is a term used to describe the approach that is taken right at the start of a project or plan, that ensures the privacy of its users is secure. This reduces the need to make further changes down the line to satisfy this need.
Right to be Forgotten
This is also sometimes referred to in the GDPR as data erasure. A data subject can request that personal information stored on them be deleted. This can include items that are posted online by the subject themselves, as well as use of that data by third parties.
Also known as the Data Subject refers to the individual that you are holding personal data on.