GDPR Terminology

As the implementation of the General Data Protection Regulation (GDPR) draws near, it is important that businesses and organisations understand the terminology that is being used. Here are some of the terms that you may have seen, with a short explanation for each.

  • Data Controller – a person who decides what personal data is processed and how it should be processed. This can also apply to a group of people. It includes people who work for a business that processes personal data.
  • Data Processor – a third party that processes data on behalf of a data controller. For instance, IT service providers process personal data on behalf of the companies they provide a service for.
  • Personal Data – any piece of data, or collection of data, that can lead to the identification of an individual. Data can include items such as IP addresses as well as physical addresses and telephone numbers.
  • Data Subject – the individual whose personal data is being processed.
  • Right to be forgotten – the right for an individual to request that personal data be deleted. The request does not necessarily have to be complied with if there is a legally valid reason for the personal data to continue being processed.
  • Data Protection Officer (DPO) – the person responsible for overseeing data protection and GDPR compliance within a business. All public bodies need to have a DPO in place, as do businesses or organisations that undertake large-scale monitoring of individuals and those that process a large amount of personal data which falls into special categories, as detailed by the GDPR.
  • Data Protection Authority – the organisation responsible for overseeing data protection and GDPR compliance in each EU country. The central authority, which has overall control, is the Data Protection Board.

These are not all of the terms that you will see mentioned in GDPR, but they are some of the most common ones.