Franchise

GDPR Jargon Buster

If you need help navigating your way through technical data protection terms, look no further. We have created a list of commonly used terms and acronyms with a simple explanation about what each one means. Happy reading!

BCRs A set of binding corporate rules approved by the regulators that allow multinational companies and organisations to transfer personal data they control from the UK/EU to their affiliates outside the UK/EU (but within the same group).

 
Biometric data Personal data resulting from specific technical processing which relates to the physical, physiological, or behavioural characteristics of an individual. For example, this can include facial images or fingerprints.

 
Controller The organisation that decides why and how to use personal data.
Data subject A person whose personal data is processed.
DPA Data processing agreement. This is an agreement entered into between a controller and a processor which sets out the obligations with which the processor must comply when processing the controller’s personal data.
DPA 2018 (sometimes also confusingly just called the DPA) UK Data Protection Act 2018. This is the UK legislation which sets out UK specific rules relating to the implementation of GDPR in the UK.
DPIA (sometimes referred to as a PIA or Privacy Impact Assessment)

 

 Data protection impact assessment, which is a process which helps organisations to identify, mitigate and document privacy risks associated with proposed data processing activities. For high risk processing activities, DPIAs must be completed under GDPR.
DPO Data Protection Officer. Under GDPR certain organisations must appoint a DPO who must fulfil the statutory tasks set out in GDPR.
EDPB European Data Protection Board. This is the group of all EU data protection regulators which has certain tasks under GDPR, including issuing guidance and acting as a point of escalation for cross-border matters.
GDPR General Data Protection Regulation EU 2016/679. This is the European Union’s data protection law that governs the way in which organisations are permitted to use personal data.
ICO Information Commissioner’s Office. This is the UK’s data protection regulator.
Personal data Any information relating to an identifiable individual.
Personal data breach A breach of security that leads to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or, or access to, personal data.
PII Personally identifiable information. This is broadly similar to personal data and is most commonly used in the US.
Principles Fundamental principles embedded within the GDPR that set out the main responsibilities for organisations.
Processor The organisation that processes personal data on behalf of a controller. For example, IT suppliers will often be processors.
ROPA Record of processing activities. This is a record of all the personal data that is processed by an organisation. GDPR specifies the records that you need to maintain in your ROPA, which include the purposes for which personal data is being used, recipients of personal data and for how long it is retained.
RTBF Right to be forgotten. This is one of the rights which individuals have under GDPR where they can request that their personal data is deleted. Also known as the right of erasure.
SAR (sometimes referred to as a DSAR or data subject access request) Subject access request. This is one of the rights which individuals have under GDPR. Under the subject access right, individuals can request to obtain a copy of all of their personal data held by an organisation.
SCCs Standard contractual clauses. These are template contract clauses approved by the European Commission which can be used to ensure there are adequate safeguards in place for personal data that is transferred outside the EU.
Special categories of data This is a subset of personal data. These include information about racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data used to uniquely identify an individual, health data, or data concerning an individual’s sex life or sexual orientation.
Supervisory Authority (sometimes referred to as a DPA or Data Protection Authority) An independent public authority established by an EU Member State to oversee GDPR compliance.
TIA or TRA Transfer impact assessment or transfer risk assessment. These are risk assessments that must be completed when transferring personal data from the UK or the EU to a third country that does not have the benefit of being recognised as having adequate data protection laws.
EU European Union.

 

If you need support with data protection compliance matters please contact us . You might also be interested in our training courses – find out more here.

Share:

Facebook
Twitter
Pinterest
LinkedIn

Related Posts

Don't just take our word for it
"We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them."
Serena MayDirector, Southern HR Ltd
Serena May
"We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them."
Serena MayDirector, Southern HR Ltd
Serena May
“We have worked with Jenai, Alison and the HelloDPO team for over 5 years as our DPO and have found their advice and support invaluable. They are pragmatic and flexible in the advice they provide, and assist in making data protection compliance apply in a corporate environment. Working with them is like having additional members of our team, and the relationship has flourished over time."
Craig SaundersHead of International Privacy, Aetna Global Benefits (UK) Ltd
Craig Saunders
“The team (Jenai and Lisa) provided DPO services and compliance support to our business for over a year, during which they consistently delivered high quality advice and excellent client service. The demands of the hospitality industry are high and HelloDPO adapted to this quickly and seamlessly – they are responsive, knowledgeable, and pragmatic. They are also a pleasure to work with.”
Frasers Hospitality (UK) Ltd
“We have been working with HelloDPO for nearly a year. The team have been great to work with, highly professional and flexible. Most importantly, they have given clear advice and guidance in what is a very complex area. Well done and we look forward to continuing working with you!”
Ruth HidalgoDirector, Chartered Accountants Worldwide
Ruth Hidalgo
“The HelloDPO team have led us patiently through the intricacies of GDPR over the years, helping us to navigate a careful path to ensure understanding of the rules and therefore compliance with them. HelloDPO are a pleasure to work with and I’d have no hesitation in recommending them to others looking for good, commercial advice in this complex area.”
Sanjay PatelFinance Director, Cadogan Group Limited
“We have recently engaged HelloDPO and the team, led by Jenai, has been responsive, practical and generally very helpful when dealing with our data protection queries. We look forward to what’s on track to becoming a great working relationship!”
Federica CozzaniSenior Legal Counsel, Compre Group
Federica Cozzani
“If you’re looking for trustworthy, pragmatic and diligent legal advisors, say Hello(to)DPO! The team has been a great support to Skyscanner on a broad range of privacy and data protection matters, whether advising at a compliance level or on more acute legal issues. You’ll enjoy considerate, timely and helpful advice, provided by professionals with whom it’s a delight to work.”
Gemma WithamDirector of Legal (Privacy), Group Privacy Officer, Sykscanner Limited
Gemma Witham
“Jenai and Emma are amazing to deal with. They strike the right balance between understanding the business needs while doing it’s fiduciary duty to ensure we are on the right track from a legal, ethical and moral perspective. Working with HelloDPO’s guidance over the past 2 years has enabled X-Mode (now known as Outlogic) to be able to navigate complex and at times uncertain waters with GDPR in a strategic and ethical manner.”
Joshua AntonCEO, Outlogic
Joshua Anton
“A great bespoke service, delivered flexibly by absolute experts in a friendly, collaborative and accessible way. I cannot recommend more highly!"
Clare RussellInterim Head of Legal, Vue UK & Ireland
Clare Russell
“HelloDPO have been brilliant at getting our data compliance into shape. We have come such a long way in our ways of working and they are always on hand to help when we have complicated or urgent issues – they have simply become part of the team."
Josh TowbHead of Business Transformation, Jigsaw
Josh Towb
“The HelloDPO team have provided Channel 4 with a wide range of data protection advice over the years. Alison is always delightful to work with, and her advice is pragmatic and set within a commercial context, which is particularly helpful. HelloDPO runs regular DP Confessionals, which provide our team with a valuable wider industry view and a sense of issues which other organisations are struggling with, and the ways in which they are approaching them."
Rebecca MillerChannel 4
Previous
Next

Subscribe to our privacy news and legislation updates

Subscribe now

We are here to make our data-driven world a more equitable and ethical place to live, work, and thrive by pragmatically balancing our clients’ commercial ambitions with every individual’s right to privacy.

Linkedin
Navigation
Legal & compliance
HelloDPO Law Logo
© 2024 HelloDPO. All rights reserved. The use of any material on the website without our prior written consent is strictly prohibited.

Website developed by Bowler Hat

Data Protection; Demystified