Key GDPR terms to remember

Forget the January Blues…

It’s Back-to-Work Brain you need to worry about!

Have you noticed it too?

No, we don’t mean December already being a distant memory or 2018 being well under way. It’s something more than that. Everyone’s beavering away again, yet something’s not quite right…

It’s called Back-to-Work Brain and, thankfully, it seems to have affected quite a few of us.

You know you’ve got it if your brain feels like it’s still on holiday, a little rusty from underuse, and possibly in need of a further rest after too many festive late nights and NYE overindulging. Either way, it means getting back into full-on work mode hasn’t been easy.

So, if it’s been a struggle to get going again for your everyday job, we can only imagine what’s it’s like trying to remember any details about GDPR – which is why we’ve laid on a quick refresher session below for you.


Here are our Top Ten GDPR Phrases and Definitions (plus a few extras) to get you up and running again:

  1. GDPR

Let’s start with the basics: GDPR stands for General Data Protection Regulation, it’s the new law in town, and comes into effect on 25th May 2018.

It’s not to be confused with Goring & Didcot Pirates’ Regatta (which usually takes place in July sometime and probably has revellers bellowing “GDP-aRRRRRRR!” at every opportunity).

  1. ICO

This is the Information Commissioner’s Office and requires every Data Controller (see #3) processing personal information (see #7 and #8) to register with them, unless exempt. Whilst very helpful and supportive, it’s probably not a good idea to get on the wrong side of the ICO.

  1. Data Controller

This is usually the organisation (or individuals acting on behalf of the organisation) responsible for determining how and why any personal data stored is processed (see #5).

  1. Data Processor

When used in relation to personal data (see #7 and #8), this refers to any person (other than employees of the data controller/organisation) who processes the data (see #5) on the data controller’s behalf (e.g. an external agency providing services for the data controller and with access to its customer data).

  1. Data Processing

This involves any processes to do with the data – from collecting, holding, and organising it to altering, updating, and analysing it; and from retrieving, disclosing, transmitting, and sharing it to withholding, blocking, erasing, and destroying it. It’s so much more than just typing it in…

  1. Data Protection Officer (DPO)

A DPO is an (often mandatory) appointed role within the organisation, and required by the GDPR to implement and monitor the organisation’s data protection strategy in line with GDPR compliance requirements. It’s nothing to do with a well-spoken robot from Star Wars.

  1. Personal Data

This is information held by the data controller related to a living individual, and who can then be identified from it (such as their name, address, date of birth, or IP address). It also covers any other information that includes any expression of opinion about the individual, and any indication of the data controller’s intentions or those of others towards that individual.

  1. Sensitive Personal Data

This is information on an individual’s ethnicity or racial origin, political opinions, religious beliefs, trade union status, physical or mental health, sexual orientation, criminal record, and genetic or biometric data.

  1. Consent

This is the person’s freely-given, active agreement for his/her personal data to be processed (see #5). If you currently rely on consent as your legal basis for processing personal data, you must check that it’s still valid under GDPR (and be able to demonstrate that). Say goodbye to small-print, pre-ticked boxes…

  1. Data breach

Okay, here we go: according to the ICO, this is a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service.”

Pretty wide-ranging, then, not particularly great if it happens, and likely to result in a big fine. Just ask Uber, TalkTalk, or Carphone Warehouse.

  1. Oh Dear

An example of words uttered soon after #10 is discovered. These are potentially followed by more words that we can’t write here, and which we believe could be Anglo-Saxon in origin.

  1. Databasix

This is the term used to describe the bringing together of people and data, usually as part of a winning combination. It’s a bit like gin and tonic, Lennon and McCartney, and teaching the world to sing in perfect harmony.


So, there you have it: an aide memoire to kick-start 2018 and get you back in the GDPR groove.

We hope it helped, and without us sounding too much like we’d swallowed a dictionary. And remember, if you need any more assistance, feel free to get in touch.

Now, it’s back to more Databasix work and the next thing we had written down on our To Do list. Which we have around here somewhere. We think…

See, we told you it wasn’t easy.

Until next time…