Your comprehensive GDPR glossary

As you’d expect with a piece of international legislation, GDPR is awash with complicated terminology. We’ve simplified some of the key terms to help make things clearer

Simon Lock

GDPR glossary

Anonymisation – manipulating data so it is unlikely that the data subject will be identifiable.  

Consent – where a data subject actively agrees to have their data processed for explicit reasons. This must involve a positive ‘opt-in’ and not a pre-ticked box.

Data audit – a data audit should be the first step for schools looking to become compliant. A data audit identifies every point where a school processes personal data.

Data controller – the party who determines what data is collected, how it is used and the way in which it is processed.

Data processor – acting on behalf of the controller, the data processor is responsible for processing data.

Data protection by design – the consideration of data protection within all projects and developments within a school from the outset.

Data Protection Impact Assessment (DPIA) – this is a process that should be carried out when introducing new technologies and if data processing is likely to put individuals’ rights and freedoms at high risk. For a school, this could mean the large-scale processing of special category or criminal record data. More details can be found on ICO's DPIA document

Data protection officer (DPO) – a DPO must be appointed as a school will likely be either or both a public authority or a large-scale processor of special category data.

Data subject – the individual on which an organisation holds personal data.

Derogations – see "exemptions".

Encrypted data – a means of encoding data using a key which renders it accessible only to users with that key.

Exemptions – these can be introduced by member states in some circumstances, but must still respect the individual’s freedoms and have significant grounds. More details can be found on ICO’s exemptions document.

ICO – the Information Commissioners Office. ICO is a UK body set who uphold information rights. ICO enforces GDPR in the UK.

Individual rights – enhanced under GDPR, the rights of the individual are listed as the right to be informed, to access, to rectification, to erasure, to restrict processing, to data portability, to objection and rights in relation to automated decision making and profiling. More details can be found on ICO’s individual rights documents.

Lawful basis ­– required for the processing of personal data, one of six lawful bases must be met before processing begins.

Personal data – is data that can be directly or indirectly linked to an individual, whether that be by name or an alternative identifier such as ID number or location information.

Personal data breach – refers to ‘a breach of security that leads to destruction loss, alteration, unauthorised disclosure of, or access to, personal data.’ (ICO)

Privacy Impact Assessment – see "Data Protection Impact Assessment".

Processing – any operation or set of operations performed on personal data, whether that operation is automated or not. That includes collecting it, organising it, structuring it, storing it and retrieving it. 

Profiling ­– automated processing of personal data to make decisions or evaluations on the data subject.

Sensitive personal data – also known as special category data, this data is deemed to be more sensitive and therefore requires enhanced levels of protection.

Subject access request (SAR) – can be submitted to organisations by data subjects in accordance with the individual rights (above).

Register to continue reading for free

It only takes a moment and you'll get access to more news, plus courses, jobs and teaching resources tailored to you

Simon Lock

Simon Lock

Simon Lock is Tes senior digital editor

Find me on Twitter @simon_lock_

Latest stories

FE White Paper: We can't welcome it – here's why

Why we shouldn't welcome the FE White Paper

The new Skills for Jobs White Paper put colleges at the centre of an underfunded, narrow, skills-based and business-led plan, writes Sean Vernell
Sean Vernell 25 Jan 2021
Covid in schools, GCSEs 2021, teacher safety: LIVE

Coronavirus and schools: LIVE 25/1

A one-stop shop for teachers who want to know what impact the ongoing pandemic will have on their working lives
Tes Reporter 25 Jan 2021