
GDPR Glossary

Article 29 Working Party

Official Definition

The Article 29 Working Party (referred to as “WP29”) is made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission. The composition and purpose of WP29 were set out in Article 29 of the Data Protection Directive, and it was launched in 1996. WP29’s mission is to provide expert advice to the EU Member States regarding data protection and promote the consistent application of the Data Protection Directive.

What Does This Mean?

A group of data protection experts from EU member states who provide advice to lawmakers regarding GDPR.

Consent

Official Definition

Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

What Does This Mean?

The individual giving a clear indication that they are happy for their data to be used in the way expressed at the point of collection.

DPO

Official Definition

A data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.

What Does This Mean?

Someone who is responsible for your organisation’s data protection and GDPR compliance, and for ensuring that individuals' rights are met while their data is being controlled, processed and stored.

Data Controller

Official Definition

The Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal

What Does This Mean?

The Data Controller is someone who decides what happens to the data held about an individual.

Data Processor

Official Definition

In relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

What Does This Mean?

The Data Processor performs the request made by the Data Controller.

Data Subject

Official Definition

The Data Subject is a living individual to whom personal data relates.

What Does This Mean?

A person to whom the data can be related back.

Legitimate Interest

Official Definition

Legitimate interests are the most flexible lawful basis for processing, but you cannot assume it will always be the most appropriate.
It is likely to be most appropriate where you use people’s data in ways they would reasonably expect, and which have a minimal privacy impact, or where there is a compelling justification for the processing.

What Does This Mean?

This lawful basis for processing is based on identifying the interests and rights of the data subject in question. It involves deciding whether it is the most appropriate basis for the marketing material you are sending, and ensuring that the processing is low risk and not likely to cause the individual harm.

Personal Data

Official Definition

Any information relating to an identified/identifiable individual, whether it relates to his or her private, professional, or public life.

What Does This Mean?

Any data which reveals the identity of the individual.

Privacy by Design

Official Definition

Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start. Unfortunately, these issues are often bolted on as an after-thought or ignored altogether.

What Does This Mean?

Privacy by design means having the mindset that privacy and data compliance are at the forefront of all aspects of data controlling or handling from the outset, rather than introducing the protocols further down the line.

Processing

Official Definition

In relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data.

What Does This Mean?

Processing can include organisation, adaptation or alteration of the information or data; retrieval, consultation or use of the information or data; disclosure of the information or data by transmission, dissemination or otherwise making available; or alignment, combination, blocking, erasure or destruction of the information or data.

Profiling

Official Definition

Any form of automated processing of personal data using it to evaluate, analyse or predict certain personal aspects of a natural person.

What Does This Mean?

Processing data in an automated way in order to evaluate, analyse or predict traits of a natural person. Examples of profiling explicitly listed in the text of the GDPR are performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation

Official Definition

The processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.

What Does This Mean?

A procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field.

The DPA

Official Definition

The Data Protection Act (DPA) will be the new act of the United Kingdom (UK) Parliament aligning with GDPR, giving information about personal data that can be legally used and handled.

What Does This Mean?

The Data Protection Act, due to come into force on the 25th of May 2018, will be the updated version of the current DPA 1998. This DPA will mirror regulations set out in the GDPR ensuring the UK's ability to process, control and transfer data abiding by the EU rules.

The DPA 1998

Official Definition

The Data Protection Act 1998 (DPA 1998) is an act of the United Kingdom (UK) Parliament defining the ways in which information about living people may be legally used and handled. The main intent is to protect individuals against misuse or abuse of information about them.

What Does This Mean?

The current laws on data protection, introduced in 1998 by the UK government, outlining how personal information can be used by organisations or individuals.

The Data Protection Bill

Official Definition

The Data Protection Bill was published on 14 September 2017 and aims to modernise data protection laws to ensure they are effective in the years to come.
A bill is the draft of a legislative proposal, which, when passed by both houses of Parliament and assented to by the President, becomes an Act of Parliament.

What Does This Mean?

The Data Protection Bill is the draft/proposal of what Parliament wants to do regarding data protection. The Bill is discussed and debated, during which amendments can be made. Once the Bill has been agreed, the process begins to turn the Bill into law or an Act.

The GDPR

Official Definition

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR begins officially on the 25th of May 2018.

What Does This Mean?

A set of rules/guidelines produced within the European Union outlining new rights for individuals regarding the use of their personal data.
The GDPR will then be introduced into each country's legislation, turning it into law retrospectively.

The ICO

Official Definition

The Information Commissioner's Office (ICO; stylised as ico.) in the United Kingdom is a non-departmental public body that reports directly to Parliament and is sponsored by the Department for Digital, Culture, Media and Sport (DCMS).

What Does This Mean?

The authority that polices, advises and assists with any data-related issues.
