Under the GDPR, processing refers to any operation performed on personal data, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The organisation or individual that determines the purpose and manner of data processing.
An organisation or individual that processes data on behalf of a data controller. One change under GDPR is that data processors can now be held liable by the regulator or individuals for a failure to comply.
This is a living individual who the personal data is about.
Information Commissioner’s Office
The UK’s supervisory authority is the Information Commissioner’s Office, an independent body established to uphold information rights. The current Information commissioner is Elizabeth Denham.
As the GDPR is a regulation rather than a directive, it has binding legal force as opposed to being transposed into domestic law. Each member state appoints a supervisory authority to oversee compliance to the GDPR. In the UK this is the Information Commissioner’s Office (ICO).