4 min read

Writen by Adam

Posted on: January 15, 2021

Key GDPR terms you need to know

GDPR, the General Data Protect Regulation, is an incredibly large piece of legislation. Reading it, and understanding it, can take hours upon hours of study. However, understanding GDPR Rin its entirety is vital to avoid data breaches and hefty fines.

You may often see words such as processing or subject access requests and be unsure how these relate to data. We have put together a useful list of the most commonly used phrases to help you understand GDPR and data protection authorities better and to ensure your data is safe and secure.

  • Processing – Any action performed on individual personal data or data sets. Examples of this are but not limited too; adaptation, changing, gathering, recording, organisation, structuring, storage, retrieval, consultation, use, transmission, dissemination, restriction, erasure or destruction.
  • Data Subject – Data that pertains to an individual. This can be any person as they are easily and clearly identifiable from the data in question.
  • Personal Data– Any information related to an individual or ‘Data Subject’, that can be used to identify the person. Examples of this could be; phone number, name, address or banking information.
  • Subject Access Requests – When Data Subjects request to receive a copy of data you have about them.
  • Data Controller – Decides the reason for personal data to be processed and how to process it. This role can be performed by an individual or team dependant on the amount of personal data you intend to process.
  • Data Processor – Third parties that process data on behalf of the Data Controller, includes IT services.
  • Data Protection Officer – Responsible for data protection and GDPR compliance within your business. DPO’s are not always necessary, however, you will need one if: your business is a public authority; you engage in large amounts of systematic monitoring of individuals; you carry out large-scale processing of special categories of data; or process data relating to criminal convictions and offences.
  • Cross-Border Processing– Processing data in a single establishment in the Union, but that affects data subjects from more than one Member State. Or, the processing of personal data when the controller or processor is in more than one Member State and the processing takes place in more than one Member State.
  • Consent – Freely given, unambiguous and informed indication of the data subject’s wishes by a statement of affirmative action and agreement to the processing of their personal data.
  • Personal data breach – A security breach that results in an accidental or illegal loss, alteration, unauthorised disclosure of, destruction, or access to, personal data that has been processed, sent or stored.
  • ICO– Stands for Information Commissioners Office. The ICO is the UK’s independent body set up to uphold information rights. Uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Use to report personal data breaches, apply for grants and stay up to date with current legislation.
  • DPA – The Data Protection Act (2018). The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Read more on the Government Website.

Whilst there are many more important terms left to learn, this list provides a good introduction to the key terms you’ll encounter when working with GDPR law and data.

Recent blogs

Most common types of GDPR violations

As GDPR effect is growing day by day and a lot of companies are affected, we would like to present

ICO published the next chapter of the Anonymisation guidance draft : Anonymisation, pseudonymisation and privacy enhancing technologies guidance

How to ensure anonymisation is effective? The ICO is calling for views on its updated draft gui

When can we refuse to comply with a SAR (Subject Access request) ?

A lot of companies are receiving SAR's almost every day. Not all of the SAR's are relevant and a lo

Get Your Account Now

Setup in just 5 minutes. Enter your company details and choose the EU Representative services you need.

Give Us a Call

Not sure whether EU Representative applies to you or which option to choose? Call, email, chat to us anytime.


Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.