Definition
Glossary
The following definitions clarify key data protection terms within the context of the School:
- Data: Information processed automatically, recorded with the intention of being part of a relevant filing system, or recorded as part of such a system.
- Data Breach: A breach of security leading to the destruction, loss, alteration, unauthorised disclosure, or access to personal data.
- Data Controller: The individual or entity that determines the purposes and means of processing personal data. For the School, this is the institution itself.
- Data Processor: An individual or entity that processes personal data on behalf of the Data Controller, following their instructions. Data Processors have specific obligations under legislation.
- Data Protection Act 2018 (DPA): The UK legislation that sets the data protection framework, working alongside the UK GDPR.
- Data Protection Impact Assessment (DPIA): An assessment conducted by the Data Controller to evaluate the impact of proposed data processing on personal data protection.
- Data Protection Officer (DPO): An individual appointed under the DPA to oversee compliance, provide advice, and liaise with the supervisory authority. Contact the DPO at dataprotection@theSchool.ac.uk.
- Data Subject: An identifiable natural person, directly or indirectly identifiable by identifiers such as a name, identification number, or online identifier. This includes staff, students, visitors, research participants, mailing list subscribers, and applicants.
- Data Subject Access Request (DSAR): A request made by or on behalf of a Data Subject to access their personal data as granted under data protection legislation.
- General Data Protection Regulation 2018 (GDPR): Applies to organisations within the EU and those outside the EU that offer goods or services to EU individuals. From 1 January 2021, this is mirrored in the UK by the UK GDPR, alongside the DPA 2018.
- Inaccurate Data: Data that is incorrect or misleading as to a matter of fact.
- Notification: The entry on the public register maintained by the Information Commissioner’s Office detailing the types and range of information processed by the School. The School’s registration number is Z5395727.
- Personal Data: Any information relating to an identified or identifiable natural person, including identifiers such as names, contact details, or identification numbers. Personal data can be in various formats, including paper, electronic, emails, photos, or videos.
- Privacy Notice: A statement provided to data subjects explaining who the Data Controller is, how their information will be used, to whom it may be disclosed, and other necessary information to ensure fair processing, as outlined in Articles 13 and 14 of the UK GDPR.
- Processing: Any operation performed on personal data, including obtaining, recording, holding, organising, adapting, altering, disclosing, or deleting data.
- Protective Measures: Appropriate technical and organisational measures to safeguard personal data, such as pseudonymisation, encryption, ensuring system resilience, and regularly evaluating these measures.
- Special Category Data: Data related to:
  - Racial or ethnic origin
  - Political beliefs
  - Religious or similar beliefs
  - Trade union membership
  - Genetics
  - Biometrics (used for identification)
  - Physical or mental health or condition
  - Sex life or sexual orientation
Note: Data protection rules for sensitive (special category) data do not apply to criminal allegations, proceedings, or convictions. Separate safeguards are outlined in Article 10.
For further details on key definitions, visit the ICO's guide: ICO Key Definitions
Understanding these key definitions ensures that all members of the School are aware of their data protection obligations and the terminology used in data management. This clarity helps in the correct handling of personal data, compliance with legal requirements, and effective communication regarding data protection matters. Accurate definitions are essential for implementing appropriate measures to protect personal data and to respond correctly to data breaches and other data protection issues.