Annex A – Glossary
|
Affirmative procedure |
Statutory instruments that are subject to the "affirmative procedure" must be approved by both the House of Commons and House of Lords to become law. |
|
Article 29 working party |
The group of expert persons who advise member states on data protection. The group was established under Article 29 of European Data Protection Directive (Directive 95/46/EC) and is made up of a representative from the data protection authority of each Member State, the European Data Protection Supervisor and the European Commission. The Commissioner is the UK’s representative on the working party. |
|
Convention 108 |
Council of Europe Convention for the protection of Individuals with regard to Automatic Processing of Personal Data. |
|
Data controller |
A "data controller" is responsible for complying with data protection law. They are defined in Article 4 of the GDPR as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. |
|
Data processor |
A ‘data processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller |
|
DPIA |
Data protection impact assessment |
|
DPO |
Data Protection Officer |
|
ECHR |
European Convention on Human Rights |
|
EU |
European Union |
|
EEA |
European Economic Area |
|
GDPR |
General Data Protection Regulation |
|
LED |
Law Enforcement Directive |
|
ICO |
Information Commissioner’s Office |
|
Negative procedure |
Statutory instruments that are subject to the "negative procedure" automatically become law unless there is an objection from the House of Commons or House of Lords. |
|
Personal data |
"Personal data" is defined in Article 4 of the GDPR as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
|
Processing data |
"Processing" includes obtaining, recording, holding, using, disclosing or erasing data. |
|
TFEU |
Treaty on the Functioning of the European Union |
|
The 1998 Act |
Data Protection Act 1998 |
|
The 2014 Regulations |
Criminal Justice and Data Protection (Protocol No. 36) Regulations 2014 (SI 2014/3141) |
|
The 2000 Act |
Freedom of Information Act 2000 |
|
The 2016 Act |
Investigatory Powers Act 2016 |
|
The Commissioner |
The Information Commissioner |