Data Protection Glossary

Essential Terms You Need to Know


In a recent blog, we spoke with Joe Kirk, our Business Development Executive, to help DPOs better understand acronyms commonly used in data protection. We’ve tapped into his expertise again, breaking down popular terms for anyone interested in data protection and GDPR. Keep reading to uncover our glossary below.

30 Popular Data Protection Terms Explained 

1. Accountability

Accountability means being able to demonstrate and document that personal data is handled in compliance with data protection laws.

2. Adequacy Decision

An adequacy decision is an EU determination of whether a non-EEA country provides an appropriate level of data protection for data transfers.

3. Age Appropriate Design Code of Practice (AADCOP)

AADCOP is an extension of the Data Protection Act (2018) that applies to how organisations use children’s data in compliance with data protection law. This code includes 15 standards that keep a child’s best interests in mind when designing and building online services for children.

4. Appropriate Policy Document (APD)

An APD is a compliance record for how an organisation processes special category and criminal offence data. It also outlines details of how the data will be safeguarded when handled.

5. Conditions for Consent

Processing personal data requires consent. Every business should define the specific conditions under which consent is valid under data protection laws.

6. Cookies

Cookies are small pieces of data that organisations store on your device when you visit their website. Essential cookies are needed for site functionality, such as remembering your login credentials. Non-essential and third-party cookies are optional and are used for tracking and advertising purposes.

7. Criminal Conviction Data

Due to its sensitivity, conviction data is subject to strict processing conditions under schedule 1(3) of the Data Protection Act (2018).

8. Data Controller

A data controller is an entity or person responsible for determining how and why personal data is processed. They are legally obligated to comply with data protection laws.

9. Data Processor

A data processor is an entity that processes personal data on behalf of a data controller. They must comply with data protection laws and follow the controller’s instructions.

10. Data Processing Agreement (DPA)

A DPA is a contractual agreement between a data processor and a controller. It outlines the rights and obligations of processing personal data for professional purposes.

11. Data Protection

Data protection refers to the practices and measures used to protect individuals’ data from unlawful processing or access.

12. Data Protection Act (2018)

A UK law that governs the processing of personal data, acting as the UK’s addition to GDPR.

13. Data Protection Audits

A data protection or GDPR audit is a thorough analysis of whether an organisation complies with the data protection requirements that apply to it. The audit highlights potential weaknesses and sets out steps for improving the organisation’s data protection system.

14. Data Protection Training and Awareness

Specialist training covering data protection, GDPR and how to apply them in the workplace. Example courses include data protection training for beginners and GDPR compliance management certification for DPOs.

15. Data Protection Impact Assessment (DPIA)

A DPIA is an assessment conducted to identify and mitigate data protection risks in any data processing activity.

16. Data Protection Officer (DPO)

A DPO is responsible for maintaining an organisation’s compliance with data protection laws and acts as a central point of contact for data protection challenges.

17. Data Protection Principles

These are the fundamental rules governing the lawful processing of personal data, including principles of fairness, purpose and data minimisation.

18. Data Sharing Agreement

A data sharing agreement is a contractual arrangement used when data controllers share personal data with one another. It sets out the purpose, standards and processes for the sharing.

19. Direct Marketing

Direct marketing is a method of advertising products or services directly to individuals using their data. This advertising is subject to specific data protection rules.

20. Exemptions From the UK GDPR

Schedule 2 of the Data Protection Act (2018) outlines specific exclusions from GDPR obligations for varying reasons, such as national security or crime prevention.

21. Information Governance Framework

An information governance framework sets out the policies and procedures for how an organisation handles information, including personal data, in compliance with data protection laws.

22. Information Rights Requests

Requests made by individuals to access their data, correct inaccuracies, or object to how their data is processed. These requests are commonly known as subject access requests (SARs).

23. Personal Data Breach

A personal data breach is a security incident where confidential data is accessed, disclosed or destroyed without authorisation. By law, organisations must report breaches to the individuals and the Information Commissioner’s Office (ICO) within 72 hours.

24. Privacy and Electronic Communications Regulations

The Privacy and Electronic Communications Regulations (PECR) are a further set of rules that work alongside the Data Protection Act (2018) and the UK GDPR. PECR sets out specific privacy rights for electronic communications, including marketing calls, emails and texts, cookies and more.

25. Privacy by Design and Default

These principles emphasise integrating data protection measures into the design of systems, products and services from the outset.

26. Record of Processing Activities (ROPA)

A ROPA is a document detailing an organisation’s data processing activities, maintained to ensure transparency and compliance with data protection regulations.

27. Restricted Transfers

These are restrictions on transferring personal data outside the European Economic Area (EEA) to countries without an adequacy decision.

28. Special Category Data

Under Article 9 of the GDPR, special category data refers to sensitive personal data, including health information. These data types are subject to stricter processing conditions.

29. Security of Processing

Security of Processing involves protecting personal data from breaches and unauthorised access during processing.

30. UK GDPR

The UK General Data Protection Regulation (GDPR) is the UK’s edition of the EU GDPR, governing data protection post-Brexit.

Stay GDPR Compliant with Data Protection People 

At Data Protection People, we work with organisations to simplify data protection. We offer various data protection and information security services, including compliance audits, GDPR support desk and SARs support.

Contact the team to learn more about how we can help you.