Definitions
Consent of the data subject
Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller
The person, company, public authority (i.e. the Service), agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Protection Act 2018
The current UK legislation governing data protection
Data subject
An individual who is the subject of personal data
Information commissioner (ICO)
The UK’s independent body responsible for monitoring the Data Protection Act, see www.ico.org.uk
Personal data
Any information relating to an identified or identifiable human being (‘data subject’). An identifiable human being is one who can be identified, directly or indirectly, in particular by reference to their:
- name
- address
- telephone numbers
- identification numbers, such as Payroll number, Service number or National Insurance number
- recordings, photographs or reproductions of a person’s voice, likeness or image
- bank account numbers
- medical records, attendance and sickness records
- online identifiers (e.g. username or cookie).
or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Special categories of personal data
This includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Processing
Data processing is the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Processor
A person, company, public authority, agency or other body which processes personal data on behalf of the controller;
Third-party
A person, company, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.