Blog

Our latest news and updates

GDPR - Key Terms & Definitions

Key Terms & Definitions

Important - GDPR only affects those businesses that hold data on individuals based in Europe.

“Accountability is at the centre of all this” states Elizabeth Denham, Information Commissioner for the ICO, who was named the most influential person in data-driven business in the DataIQ list. That accountability can be the responsibility of many and there are numerous terms and keywords within the General Data Protection Regulation (GDPR) that identify that accountability. To help we have picked a handful of terms which we think are important when researching and preparing for GDPR.

Personal Data

GDPR defines Personal Data as any data that can identify an individual. This could include; Name, Email Address, Photo, Bank Details, IP Address etc. Personal Data does not extend to company information whereby an individual can’t be identified. 

For example, Company name, Registered Address, info@ email addresses, SIC Codes etc.

Data Subject

This refers to the individual whose personal data you are capturing, storing or processing. 

For example, any customers you hold personal information on are data subjects.

Data Controller

Data Controller means a person who determines the purposes for which and the manner in which any personal data is to be processed.

For example, ‘Business A’ has a database, that they have created, of customer and prospect information, meaning they are the data controller.

Data Processor

A Data Processor is responsible for processing personal data on behalf of the controller.

For example, ‘Business A’ passes their database to a telemarketing agency to conduct some of their marketing activities. Therefore, the telemarketing agency is the data processor.

It is likely that most data processors, if not all, will also be data controllers. Due to them having their own internal administrative processes such as HR and payroll.

Data Protection Officer (DPO)

All businesses, if you are a public authority or carry out certain types data processing, must appoint a Data Protection Officer (DPO). This person is the go to for all data protection information within your business, must be an expert on all things data protection, have all the tools to complete their job and report directly to the highest level of management. Take a look at this article for more information at the roles and responsibility of a DPO.