Key GDPR terms you need to know

GDPR, the General Data Protect Regulation, is an incredibly large piece of legislation. Reading it, and understanding it, can take hours upon hours of study. However, understanding GDPR Rin its entirety is vital to avoid data breaches and hefty fines.

You may often see words such as processing or subject access requests and be unsure how these relate to data. We have put together a useful list of the most commonly used phrases to help you understand GDPR and data protection authorities better and to ensure your data is safe and secure.

• Processing – Any action performed on individual personal data or data sets. Examples of this are but not limited too; adaptation, changing, gathering, recording, organisation, structuring, storage, retrieval, consultation, use, transmission, dissemination, restriction, erasure or destruction.

• Data Subject – Data that pertains to an individual. This can be any person as they are easily and clearly identifiable from the data in question.

• Personal Data– Any information related to an individual or ‘Data Subject’, that can be used to identify the person. Examples of this could be; phone number, name, address or banking information.

• Subject Access Requests – When Data Subjects request to receive a copy of data you have about them.

• Data Controller – Decides the reason for personal data to be processed and how to process it. This role can be performed by an individual or team dependant on the amount of personal data you intend to process.

• Data Processor – Third parties that process data on behalf of the Data Controller, includes IT services.

• Data Protection Officer – Responsible for data protection and GDPR compliance within your business. DPO’s are not always necessary, however, you will need one if: your business is a public authority; you engage in large amounts of systematic monitoring of individuals; you carry out large-scale processing of special categories of data; or process data relating to criminal convictions and offences.

• Cross-Border Processing– Processing data in a single establishment in the Union, but that affects data subjects from more than one Member State. Or, the processing of personal data when the controller or processor is in more than one Member State and the processing takes place in more than one Member State.

• Consent – Freely given, unambiguous and informed indication of the data subject’s wishes by a statement of affirmative action and agreement to the processing of their personal data.

• Personal data breach – A security breach that results in an accidental or illegal loss, alteration, unauthorised disclosure of, destruction, or access to, personal data that has been processed, sent or stored.

• ICO– Stands for Information Commissioners Office. The ICO is the UK’s independent body set up to uphold information rights. Uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Use to report personal data breaches, apply for grants and stay up to date with current legislation.

• DPA – The Data Protection Act (2018). The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Read more on the Government Website.

Whilst there are many more important terms left to learn, this list provides a good introduction to the key terms you’ll encounter when working with GDPR law and data.