Key Definitions and Concepts

Key Definitions and Concepts

4. Data Controller

2. Sensitive Personal Data

1. Personal Data

3. Data Subject

5. Data Processor

Key Definitions and Concepts....

6. Data Protection Officer(DPO)

8. Pseudonymisation

7. Profiling

10. Data Protection by Design and by Default

9. Data Minimisation

11. Processing Conditions

Pseudonymisation is the method of processing data which means that personal data no longer identifies a specific individual. For example, certain parts of the data are replaced by artificial data or are translated into a coded form. This processing can be done through hashing or encryption. Hashing causes characters to become shorter in value, such as a number. For example, “John Doe received voucher in the amount of x” can be pseudonymised to “Recipient 2677 received voucher in the amount of x”. When using forms of pseudonymisation, the ‘key’ for decoding the information is held separately and securely to prevent unauthorised or inadvertent re-identification of the coded data.

Data Processor The data processor is the person or organisation processing the personal data for the data controller. If the person or organisation is using, acquiring or holding the data then they are the processor. Two organisations can process data for a single data controller; for example, one organisation may analyse and the other may store the data. Both are still considered the data processor. Data processors are required to comply with legal obligations and are accountable for their own compliance.