Key definitions
Data Protection Legislation: UK General Data Protection Regulation (“UK GDPR”), Data Protection Act 2018 (“DPA 2018”), Privacy and Electronic Communications Regulations 2003, and any other relevant law concerning the processing of personal data.
Data: information processed by automated or non-automated means, including structured files that are accessible by specific criteria.
Personal data: any information that can, either directly or indirectly, identify a living person. Identifiers include:
- name
- address
- date of birth
- postcodes
- unique identification numbers
- location data
- online identifiers (such as an IP address)
- pseudonymised data
- information relating to a person's social or economic status
Special category data: personal data consisting of information relating to:
- race or ethnicity
- political opinions
- religious beliefs or other beliefs of a similar nature
- trade union membership or affiliation
- physical or mental health or condition
- biometric and, or genetic data
- sex life or sexual orientation
Criminal convictions data: personal data relating to:
- the alleged commission of offences by the data subject, or
- proceedings for an offence committed or alleged to have been committed by the data subject or the disposal of such proceedings, including sentencing.
Processing: any action on personal data, such as collection, use, storage, sharing, or destruction (whether by automated or manual means).
Data subject: the individual whose data is being processed.
Controller: the person or organisation that decides (either alone or jointly with others) how and why personal data is processed.
Processor: any person or organisation that processes data on behalf of the controller.
Law enforcement processing: processing personal data for the purpose of:
- the prevention, investigation, detection or prosecution of criminal offences, or
- the execution of criminal penalties, including protecting and preventing threats to public security