Appendix 1. Definitions (according to GDPR (2018))
Term | Definition |
---|---|
Personal Data | Any information or data relating to an identified or identifiable living individual who can be identified, directly or indirectly, in particular by reference to a name, and identification number, location data, an online identifier or to one of more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. |
Sensitive Data/ Special Category Data | Different from ordinary personal data (such as name, address, telephone) and relates to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life, sexual orientation, criminal convictions, genetic data and biometric data. Special category data are subject to much stricter conditions of processing. |
Data Subject | Any living individual who is the subject of personal data held by an organisation. |
Data Controller | Any person (or organisation) which alone or jointly with others, determines the purpose and means of processing of personal data. |
Data Processor | Any person or organisation which processes personal data on behalf of the Data Controller. |
Third Party | Any individual/organisation other than the data subject, the data controller, or data processor who, under the direct authority of the controller or processor, are authorised to process personal data. |
Processing | Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
Lawful Basis | Processing personal data will only be legal if it is necessary, and a lawful basis for processing has been identified. These lawful basis could be for a contract, to comply with a legal obligation, to protect the vital interests of a person, a task carried out in the public interest, a legitimate interest (except where it exceed the privacy interests of a data subject), or the data subject has given their explicit consent to process their personal information. |
Relevant Filing System | Any paper filing system or other manual filing system which is structured so that information about an individual is readily accessible. Personal data can be held in any format, electronic (including websites and emails), paper-based, photographic etc. from which the individual's information can be readily extracted. |