GDPR – Glossary

Data Processing

Under the GDPR, processing refers to any operation performed on personal data, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller

The organisation or individual that determines the purpose and manner of data processing.

Data Processor

An organisation or individual that processes data on behalf of a data controller. One change under GDPR is that data processors can now be held liable by the regulator or individuals for a failure to comply.

Data Subject

This is a living individual who the personal data is about.

Information Commissioner’s Office

The UK’s supervisory authority  is the Information Commissioner’s Office, an independent body established to uphold information rights. The current Information commissioner is Elizabeth Denham.

Supervisory Authority

As the GDPR is a regulation rather than a directive, it has binding legal force as opposed to being transposed into domestic law. Each member state appoints a supervisory authority to oversee compliance to the GDPR. In the UK this is the Information Commissioner’s Office (ICO).