{"id":24819,"date":"2018-02-12T09:22:55","date_gmt":"2018-02-12T09:22:55","guid":{"rendered":"https:\/\/www.highspeedtraining.co.uk\/hub\/?p=24819"},"modified":"2024-05-17T13:48:13","modified_gmt":"2024-05-17T12:48:13","slug":"gdpr-glossary","status":"publish","type":"post","link":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-glossary\/","title":{"rendered":"GDPR Glossary of Key Terms"},"content":{"rendered":"

The introduction of the General Data Protection Regulation (GDPR) in May 2018 resulted in big changes to how companies can processes people\u2019s data. By now, all businesses should be fully compliant with its requirements. However, if you still have ways to improve, this glossary might help you understand the key aspects of data protection law. It may also be useful if you’re adopting more responsibilities regarding data protection in your organisation and want to develop your knowledge.<\/p>\n

Some of the terminology may feel a little overwhelming and confusing if you\u2019ve never encountered them before, so we\u2019ve created this GDPR glossary of key terms to help.<\/p>\n

\"employees<\/p>\n

\n

Accountability<\/strong> \u2013 the data controller is responsible for compliance with the data protection principles. They must be able to demonstrate the steps the business takes to ensure compliance.<\/p>\n

Binding Corporate Rules (BCRs)<\/strong> \u2013 a set of rules that allow multinational organisations to transfer personal data from the EU to their affiliates outside of the EU.<\/p>\n

Consent<\/strong> \u2013 consent is defined as receiving a data subject\u2019s agreement to process their data. Agreement must be freely given, informed, specific and unambiguous. This consent could be given several ways, such as via a written statement (including by electronic means) or an oral statement.\u00a0Gaining consent must be clear and unambiguous. The data subject must understand implicitly what they are providing their data for, how it will be processed, who will process it and how long it will be stored.<\/p>\n

Data Breach<\/strong> \u2013 any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of a subject\u2019s data.<\/p>\n

Data Controller<\/strong> \u2013 \u2018controller\u2019 means the legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.<\/p>\n

\"employees<\/p>\n

Data Erasure<\/strong>\u2013 (also known as the Right to be Forgotten) this entitles the data subject to request that the data controller erase their personal.<\/p>\n

Data Minimisation<\/strong> \u2013 this means that you can only collect personal data if it\u2019s needed to achieve the intended purpose. Personal data should be adequate, relevant and limited to what is necessary. Where appropriate, such data should also be kept up to date.<\/p>\n

Data Processor<\/strong> \u2013\u00a0\u2018processing\u2019 means any operation, or set of operations, which is performed on personal data or on sets of personal data. It is considered processing whether these operations occur by automated or manual means. Processing includes the following activities: collecting, recording, organising, using, structuring, storing, adapting, retrieving, consulting, destroying and more. The data processor can be an organisation or third-party provider who manages and processes personal data on behalf of the controller. Data processors have specific legal obligations, such as maintaining personal records, and are liable in the event of a data breach.<\/p>\n

Data Protection Authority<\/strong> \u2013 the national authority who protects data privacy.<\/p>\n

Data Protection Officer<\/strong> \u2013 an appointed individual who works to ensure you implement and comply with the policies and procedures set by GDPR.<\/p>\n

Data Subject<\/strong> \u2013 someone whose personal data is processed by a controller or processor.<\/p>\n

Encrypted Data<\/strong> \u2013 personal data which has been translated into another form or code so that only people with specific access can read it.<\/p>\n

\n
\n
\n
\"expert<\/div>\n

Need a Course?<\/h3>\n<\/div>\n<\/div>\n

Our GDPR Training Course<\/a> \u00a0is suitable for anyone who has responsibility for implementing the changes brought about by the GDPR.<\/p>\n<\/div>\n

EU-US Privacy Shield<\/strong> \u2013 this refers to a new set of GDPR standards that allow for the legal transfer of personal data between the EU and US for commercial reasons.<\/p>\n

Fairness Principle<\/strong> \u2013 this is a principle that states the data subject should have the right to:
\n1. Access the data.
\n2. Rectify the data.
\n3. Request that the data be erased.
\n4. Restrict processing.
\n5. Data portability.
\n6. Object to the processing of data.
\n7. Not to be subject to a decision based solely on automated processing.<\/p>\n

Integrity & Confidentiality Principle<\/strong> \u2013 personal data must be processed using appropriate technical, organisational and security measures.<\/p>\n

Legality Principle<\/strong> \u2013 for any personal data processed, the organisation must be able to specify that it has been processed on one of the legal grounds specified by GDPR. These grounds are:
\n1. Individuals consent.
\n2. Contract with the individual.
\n3. Complying with an existing obligation.
\n4. Complying with an existing obligation.
\n5. Necessary for a task in public interest or authority.
\n6. Necessary in the legitimate interest of an organisation or third party.<\/p>\n

Personal Data <\/strong>\u2013 any direct or indirect information relating to an identified person that could be used as a means of identifying them. This includes their name, ID number, location data or an online identifier.<\/p>\n

Privacy Impact Assessment<\/strong> \u2013 a tool used to identify the privacy risks.<\/p>\n

Profiling<\/strong> \u2013 the automated processing of personal data.<\/p>\n

\"employees<\/p>\n

Processing<\/strong> \u2013 \u00a0this refers to any activity relating to personal data, from initial collection through to the final destruction. It includes the organising, altering, consulting, using, disclosing, combining and holding of data, either electronically or manually.<\/p>\n

Pseudonymisation<\/strong> \u2013 processing data so it can no longer be attributed to a data subject without the use of additional data.<\/p>\n

Purpose Limitation Principle<\/strong> \u2013\u00a0 this refers to using information only for the specified, explicit and legitimate purposes for which the data was collected and not for any other purpose.<\/p>\n

Sensitive Personal Data<\/strong> \u2013 other factors specific to physical, physiological, genetic, mental, economic, cultural or social identity.\u00a0This can include genetic data, biometric data, and criminal convictions and offences that, when processed, can uniquely identify a person.<\/p>\n

Third Party<\/strong> \u2013 a legal body or authority other than the data subject, controller or processor who is authorised to process personal data under authority of the data controller or processor.<\/p>\n

\n

The terminology used when describing GDPR can be confusing, but it’s important that you understand them all. Knowing what responsibilities GDPR places on different individuals and what policies and procedures you must comply with is important if you want to avoid severe legal fines and a lost reputation. Use the information contained in this article to ensure you understand what is expected of you.<\/em><\/p>\n

\n

What to Read Next:<\/h3>\n