To help organisations prepare for the impact of the General Data Protection Regulation (the GDPR), we have prepared a handy jargon buster to explain, in layman’s terms, some of the language used.

Key terms under the GDPR

Article 29 Working Party

“Article 29 Working Party” means the advisory body consisting of representatives from EU Member States supervisory authorities together with the European Commission and the European Data Protection Supervisor, which issues guidelines on the implementation and application of EU data protection law. This body will become the ‘European Data Protection Board’.

Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Personal data

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’) such as a name, an identification number, location data or an online identifier.

Processing

“Processing” means anything that is done to or with personal data such as collection, recording, organising, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Personal data breach

“Personal data breach” means a security breach which leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

Special categories of personal data

“Special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data, health data or data concerning a natural person's sex life or sexual orientation.

Supervisory authority

“Supervisory authority” means an independent public authority which is established by a Member State pursuant to Article 51.