GDPR Definitions

GDPR Definitions

GDPR Definitions

29 March 2018

By now you'll either be a GDPR wizard or you'll still be trying to get your head around the whole thing. Data who? Cyber what?

In almost every meeting the 'G' word comes up: along with a host of GDPR definitions. To help your understanding, we've listed here 10 key terms described in plain English to help you digest their meaning. You can see a full list of key GDPR definitions on the ICO website.

Cyber Security - The protection of systems, networks and data in an online environment.

Data Controller - The organisation/person, responsible for making decisions about what happens to personal data, determining the purposes and means of processing.

Data Processor - A third-party organisation/vendor/person that is responsible for processing Personal Data on behalf of a Data Controller. Typically software companies, hosting providers and printers for example. They deal with and store personal information in accordance with instructions by the Data Controller.

Data Protection Officer (DPO) - A data security expert who helps Data Controllers and Processors comply with the GDPR, avoid risks when processing personal data and if needed report data breaches to the ICO.

Data Sharing Agreements - A formal contract between Data Controllers and Processors (or Processors and Sub-Processors) that clearly states what data is being shared and how the data can be used.

Data Subject - A person that personal data refers to.

Data Sub-Processor - Where a Processor engages another Processor to complete the service they are providing to the Data Controller. The Data Controller must provide written authorisation to its Processor, agreeing to the use of the Sub-Processor.

Personal Data - Any information that can be used to directly, or indirectly, identify a person (Data Subject). For example, name and address, email address, name and last four digits of credit card, and an IP address.

Sensitive Personal Data - There are special categories of personal data that are considered sensitive and include racial or ethnic origin, political opinions, religious or philosophical views, trade union membership, sexual orientation, and health, genetic and biometric data where processed to uniquely identify an individual.

Supervisory Authority - Any local, national, or multinational organisation/agency responsible for administering Data Protection Laws. For example, in the UK this would be the ICO.

Related news

6 things you should know before emailing employee documents

Ahead of the General Data Protection Regulation (GDPR) coming in May 2018, we’ve compiled the six most important things you need to consider before deciding whether to email employee documents that contain sensitive information.
Read More
GDPR Compliance

GDPR Compliance and Email: Coming May 2018

May 2018 is fast approaching but there's no need to be overwhelmed. Have you considered these factors when thinking about email and GDPR compliance?
Read More

Stay in the know