GDPR Glossary of Terms to help demystify the terminology

The General Data Protection Regulation shares many terms with the Data Protection Act. This is a layman’s guide to the most commonly used terms.

Consent: Permission to collect, store and use personal data.
Data Controller: The person who “owns” the data who determines the purposes for which, and the manner in which any personal data are, or are to be, processed.
Data Portability: The ability to move data from organisation to organisation, or across nation states.
DPA: Data Protection Act: the regulation that the GDPR replaces.
Data Processor: Any person who processes data on behalf of the Data Controller.
Data Protection Officer: Person responsible for the oversight of organisational data protection strategy and implementation to ensure compliance with the GDPR.
Data Subject: The person to whom a data set relates (for example, you or me).
GDPR: General Data Protection Regulations: the new regulations governing the way we collect, store, use and destroy data.
ICO: Information Commissioner’s Office: the body responsible for upholding GDPR.
Personal Data: Anything clearly seen as personal, including name, address, phone number but also including IP addresses, cookie identifiers and UDID (Unique device Identifiers). Expressions of opinion about an individual also count as Personal Data, so you need to be careful what you say about colleagues or clients in emails.
Right to be Forgotten: The right to request the complete deletion of all personal data.
Subject Access Request: A request that an individual can make to find out the data that an organisation has relating to them.

Subscribe to our newsletter