Personal data
Any information relating to a living person that could be used to directly or indirectly identify that person.
Special category data
Special category data is personal data which is more sensitive, and so needs more protection. This could be:
- Race and ethnicity
- Sex life or sexual orientation
- Medical information (both physical and mental health)
- Religious or philosophical beliefs
- Biometric data (thumb prints etc)
- Genetics (DNA etc)
- Trade union membership
- Political beliefs
Information related to criminal convictions and safeguarding will also be treated within this category.
Data controller
An organisation or individual that determines why personal data is collected and is responsible for the security of that data.
Data processor
An organisation or individual (not an employee) who uses personal data on behalf of the data controller (i.e a contractor).
Data processing
Any action taken with personal data. This includes the collection, use, disclosure, destruction and holding of data.
Data subject
A living person who the personal data is about.
Data protection officer
The role of the Data Protection Officer (DPO) is to ensure that their organisation processes the personal data in compliance with data protection legislation.
Consent
A freely given choice about how personal data is used in an organisation (for example opting in to receive a newsletter).