Further information - part four
Key terms and phrases
Data controller means the natural or legal person or other body who, alone or jointly with others, determines the purposes and means of the processing of personal data. This means that the data controller exercises overall control over the 'why' and 'how' of a data processing activity.
Data Protection Act 1998 is the legislation that currently applies to the processing of personal data in the UK. The Data Protection Bill 2017 – 19 will repeal the Data Protection Act 1998.
Data Protection Legislation means the Data Protection Act 1998, the Data Protection Bill 2017 – 19 and the General Data Protection Regulation, together with regulatory guidance issued by the European Commission (via the Article 29 Working Party) and the Information Commissioner's Office.
Data protection principles means the principles that are set out in the Data Protection Legislation relating to the processing of personal data. In the General Data Protection Regulation, there are six principles:
- lawfulness, fairness and transparency;
- purpose limitation;
- data minimisation;
- accuracy;
- storage limitation; and
- integrity and confidentiality.
In addition, there is an overarching principle of accountability.
Data processor means a natural or legal person or other body who processes personal data on behalf of the data controller.
Data subject means the identified or identifiable living individual to whom personal data relates.
General Data Protection Regulation (GDPR) is the primary EU legislation that, on and from 25 May 2018, will apply to the processing of personal data in all member states of the EU.
Information Commissioner's Office (ICO) is the UK's national data protection authority. It is a public body that is charged with regulating information rights, public sector transparency and individuals' privacy in the UK.
Personal data or Personal information means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number etc.
Privacy notice means the information that is provided to inform individuals about what you do with personal data. Under the Data Protection Legislation, data controllers must provide accessible information to individuals about the use of their personal data.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Special categories of personal data (also referred to as sensitive personal data) means:
- personal data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;
- the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person;
- data concerning health; or
- data concerning a natural person's sex life or sexual orientation.