Data Protection and GDPR Glossary of Terms

We are compiling a perpetually expanding and comprehensive data protection and GDPR glossary of terms for all you need to know.

Data Controller - A controller decides the who, when and where: the decisions relating to what data is collected and how it is processed. Both the controller and the data processor are held liable for data protection compliance.

View the full GDPR glossary of terms here.

Data Mapping - A process that identifies where data lies, who has access to it, how secure it is, and what it’s used for.

DPNs - Data Privacy Notices - A tool that addresses what data one collects, why it is collected, who the controller is and who the processor is.

Data Processor - Someone who only processes data under the controller’s remit. The processor is held liable for data protection compliance, as is the data controller.

Data Protection Impact Assessments (DPIAs) - A vital, and mandatory, process that organisations must undertake under GDPR to analyse high-risk personal data processing operations (introducing a new service could be considered a high-risk operation, for example).

Data Subject - Simply, the person, or entity, that provides personal data to an organisation. That could be your customer, staff, associate, contact, etc: all of these have the rights of data subjects regardless of their relationship to you, because you hold their data.

Data Subject Access - The data subject may request to know what data the organisation currently holds on them. The request is handled by internal resources, such as the HR department.

DSARs - Data Subject Access Rights - The rights the person (data subject) has to access or amend their data. The DSARs are: the Right to be Forgotten, the Right to Rectification, Data Subject Access, the Right to Restrict Processing, and Portability.

Encryption - Data is hidden by an encoding process so that it can only be understood or revealed by certified data handler(s).

EU-US Privacy Shield – The regulation which allows for personal data to be freely transferred between EU countries and the US for commercial reasons.

Gap Analysis - A test of the systems, policies and real-world understanding of a company or organisation, compared directly by us against checklists provided by the ICO and other related guidance. A GDPR Gap Analysis takes 2-3 days, typically in person, in which our consultant will read all of your policies, receive questionnaires from all staff, visit relevant sites and hold meetings with key personnel, before reporting back in full to management and providing a full report detailing Yes/No/Underway and reasons, for every point on the ICO's GDPR Checklist. Find out more here.

GDPR - General Data Protection Regulation - The new data protection law set in place by the European Union, coming into effect in May 2018.

ICO - Information Commissioner's Office - The governing body for PII and companies that hold it in the UK.

ISO 27001 - A leading information security standard that is set by the International Organisation for Standardisation (ISO). We are leading consultants for ISO 27001 and if you don’t pass first time with us, we won’t charge until you do. https://activaconsulting.co.uk/iso-27001-standard/

PIA - Privacy Impact Assessment - A means of identifying private data and reducing the risk of said data being exposed.

PII - Personally Identifiable Information - Any type of data or information that can identify a specific person.

Portability – The data subject has the right to move data from one organisation to another – proof of identity will likely be required for this to happen.

Pseudonymisation - A piece of data hides behind a “mask”, a “disguise” that only the data handler(s) know(s) the meaning of. Think of a writer using a false name (a pseudonym), for example.
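As an added illustration of the pseudonymisation entry above (example code written for this glossary, not code from the original page or from Activa Consulting), the following Python replaces identifying fields in a set of records with keyed tokens while the mapping back to the real values is kept in a separate store that only the data handler holds. The key, the field names and the sample records are all constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed example key. In practice the key and the lookup table below are
# held by the data handler, separately from the pseudonymised data set.
SECRET_KEY = b"example-key-held-only-by-the-data-handler"

# Assumed names of the fields that identify a person in the sample records.
IDENTIFYING_FIELDS = ("name", "email")


class Pseudonymiser:
    """Swaps identifying values for tokens (the "mask") and keeps the
    token -> original mapping that lets the data handler lift the mask."""

    def __init__(self, key: bytes):
        self._key = key
        self._lookup: Dict[str, str] = {}  # token -> original value

    def pseudonymise(self, value: str) -> str:
        # A keyed HMAC rather than a plain hash: the same input always gets the
        # same token (so records about one person stay linkable for analysis),
        # but without the key a token cannot be recomputed from a guessed value.
        digest = hmac.new(self._key, value.encode("utf-8"), hashlib.sha256)
        token = digest.hexdigest()[:16]
        self._lookup[token] = value
        return token

    def reidentify(self, token: str) -> Optional[str]:
        # Only the holder of this lookup table can reverse the pseudonym.
        return self._lookup.get(token)


def pseudonymise_records(records: List[dict], pseudonymiser: Pseudonymiser,
                         fields=IDENTIFYING_FIELDS) -> List[dict]:
    """Return copies of the records with every identifying field masked."""
    masked_records = []
    for record in records:
        masked = dict(record)
        for field in fields:
            if field in masked:
                masked[field] = pseudonymiser.pseudonymise(str(masked[field]))
        masked_records.append(masked)
    return masked_records


# Constructed sample data: two orders from the same person and one from another.
SAMPLE_RECORDS = [
    {"name": "Alice Example", "email": "alice@example.com", "order_total": 42.50},
    {"name": "Alice Example", "email": "alice@example.com", "order_total": 12.00},
    {"name": "Bob Example", "email": "bob@example.com", "order_total": 99.99},
]


def demo():
    """Mask the sample records and return the handler plus the masked data."""
    handler = Pseudonymiser(SECRET_KEY)
    return handler, pseudonymise_records(SAMPLE_RECORDS, handler)


if __name__ == "__main__":
    handler, masked = demo()
    for row in masked:
        print(row)
    # Only the data handler, holding the lookup table, can lift the mask.
    print("first token resolves to:", handler.reidentify(masked[0]["email"]))
```

The masked records still let an analyst see that the first two orders belong to the same customer (same token) without learning who that customer is; anyone holding only the masked data, and not the key and lookup table, cannot recover the original values.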

Right of Rectification – The data subject has the right to request amendments to any data an organisation currently holds.

Right to be Forgotten/Right of Erasure - The data subject may request for certain data to be removed. Example: Unsubscribing from an email service is, in essence, the right to be forgotten.

Right to Restrict Processing – The data subject can stop or prevent any personal data from being processed. An organisation can hold onto this data, but not process it at the request of the data subject.