Try out and test our new website!

General Data Protection Regulation (GDPR) Terminology


The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In the DPA 1998 this was a 'Data Controller'.

Data Protection Officer (DPO)

GDPR introduces a duty for you to appoint a data protection officer (DPO) if you are a public authority, or if you carry out certain types of processing activities. A DPO is an independent expert on data protection who works to ensure an organisation is adhering to the requirements of GDPR.

Information Commissioner's Office (ICO)

UK’s independent supervisory authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Personal Data

Any information relating to an individual (‘data subject’); who can be identified, directly or indirectly, from the information. In particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

Personal Data Breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.


Any operation, or set of operations, which is performed on personal data or on sets of personal data, whether or not by automated means. Examples include: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction. erasure or destruction.


A natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller. In the DPA 1998 this was a 'Data Processor'.