Cookies on Legislation.gov.uk

The cookies on legislation.gov.uk do two things: they remember any settings you've chosen so you don't have to choose them on every page, and they help us understand how people browse our website, so we can make improvements and fix problems. We need your consent to use some of these cookies.

Search Legislation

Advanced Search

Data Protection Act 2018

Contents

Annex A – Glossary

Affirmative procedure Statutory instruments that are subject to the "affirmative procedure" must be approved by both the House of Commons and House of Lords to become law.
Article 29 working party The group of expert persons who advise member states on data protection. The group was established under Article 29 of European Data Protection Directive (Directive 95/46/EC) and is made up of a representative from the data protection authority of each Member State, the European Data Protection Supervisor and the European Commission. The Commissioner is the UK’s representative on the working party.
Convention 108 Council of Europe Convention for the protection of Individuals with regard to Automatic Processing of Personal Data.
Modernised Convention 108 The modernised Convention for the Protection of Individuals with Regard to the Processing of Personal Data, as adopted by the Committee of Ministers of the Council of Europe on 18 May 2018.
Data controller A "data controller" is responsible for complying with data protection law. They are defined in Article 4 of the GDPR as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data processor A ‘data processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
DPIA Data protection impact assessment
DPO Data protection officer
ECHR European Convention on Human Rights
EU European Union
EEA European Economic Area
GDPR General Data Protection Regulation ((EU) 2016/679)
LED Law Enforcement Directive
ICO Information Commissioner’s Office
Negative procedure Statutory instruments that are subject to the "negative procedure" automatically become law unless there is an objection from the House of Commons or House of Lords.
PECR Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I. 2003/2426)
Personal data "Personal data" is defined in Article 4 of the GDPR as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing data "Processing" includes obtaining, recording, holding, using, disclosing or erasing data.
TFEU Treaty on the Functioning of the European Union
The 1995 Directive European Data Protection Directive (Directive 95/46/EC)
The 1998 Act Data Protection Act 1998
The 2000 Act Freedom of Information Act 2000
The 2016 Act Investigatory Powers Act 2016
The Commissioner The Information Commissioner

Back to top