Terminology and Definitions
The GDPR definitions in this table are taken from the Information Commissioner’s Office (ICO) website.
GDPR Terminology | Definition |
Data breach | A breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to personal data. |
Data controller | Responsible for determining the purposes and means of processing personal data and demonstrating compliance with GDPR principles. |
Data Processing | Operations such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
Data Processor | Responsible for processing personal data on behalf of a data controller. |
Data Protection Impact Assessment (DPIA) | A tool to help organisations identify the most effective way to comply with data protection obligations and meet individuals’ expectations of privacy. |
Data Protection Officer (DPO) | Responsible for informing and advising organisations about GDPR, and monitoring compliance. Your organisation must appoint a DPO if you: |
Personal Data | Any information relating to an identifiable person who can be directly or indirectly identified, for example, name, identification number, online identifier. |
Sensitive Personal Data | Special categories of personal data, for example, genetic data and biometric data processed to uniquely identify an individual. |
Subject access request (SAR) | A written request which entitles an individual to be: |