|BCRs||Binding corporate rules, which govern transfers between organisations in a corporate group. For more information, see “International data transfers”.|
|Cookies||Small text files which help store information about an individual’s browsing habits. They are downloaded onto an individual’s computer when the individual visits a website and help the cookie owner store data about the individual’s activity on that site, such as how often they visit, how long they spend on each page and other preferences. For more information, see “Marketing and Cookies”.|
A person or business which makes decisions about how or why personal data is processed.
Any person or organisation which processes personal data on behalf of a data controller.
|Data protection by design (also known as “Privacy by design”)||A general obligation under the GDPR to implement technical and organisational measures to demonstrate that you have considered data protection issues and integrated data protection into your activities. For more information, see “Data protection by design”.|
An individual whose data is being processed. It includes employees, or people acting in a business context. So information about the individuals working for your business, or for one of your suppliers, is still personal data.
DPA / The Data Protection Act 1998
The main piece of legislation governing data protection before the GDPR.
An assessment of the risks your data processing might pose to individuals’ rights and freedoms.
|DPO / Data |
A person appointed by a business to ensure it complies with the GDPR and any other applicable data protection laws.
|GDPR / The |
Data Protection Regulation
EU legislation which will regulate how businesses process personal data. This comes into force on 25 May 2018.
Just as the GDPR governs the use of personal data and will effectively replace the DPA, the ePrivacy Regulation is a set of new rules to govern online privacy which will replace the current law in the area (the PECR, explained below).
ICO / The
The main organisation promoting and enforcing data protection and privacy laws in the UK. The ICO provides information and guidance on how to comply with data protection requirements, investigates businesses to ensure they do, and will be responsible for fining those that do not.
IoT / The Internet of Things
The network of ‘smart’ physical devices that use internet connectivity as part of their functionality. For example, where a thermostat communicates with a smartphone to give its user information about the temperature of the house, both form part of the Internet of Things.
PECR / The
Data relating to a living identified or identifiable individual.
Data in which each identifying field has been replaced with an artificial name, so that it is harder to identify real individuals from the data. For example, ‘Joe Smith’ might be replaced by ‘Customer 123’.
Portability of data
“Portability” essentially means “movement”. In this context, it refers to how “portable” data is. “Portability of data” is a new right in the GDPR which entitles individuals to easily move, copy and transfer their personal data from one provider to another.
Personal data that contains information of a sensitive nature about an individual. The following types of data are “sensitive” or “special categories” under the GDPR: