Sectoral Employer Order - We can Help!

Click here for more...

CWPS celebrating 50 years providing pensions to construction and related industries – Join us today

Click here for more...

Are you looking for a pension scheme for your employees? - CWPS can help

Click here for more...

Are you ready for the retirement you want? - AVC’s the smart way to save for your retirement

Click here for more...

Sick Pay benefit paid to active members

Click here for more...


GDPR Jargon Buster

15/06/2018 Posted by | Comments(0)
GDPR Jargon Buster


The General Data Protection Regulation (GDPR) is only around the corner for all organisations that process the data of EU citizens and yet it can be difficult to understand some of the confusing terminology referenced in the legislation. In this article, we have put together a useful GDPR jargon buster to help you understand some of the key language used.

Personal Data

The GDPR has a broader definition of what constitutes personal data. It is any information relating to an identified or identifiable natural person that can be used directly or indirectly to identify the person e.g. name, identification number, location data or online identifier.

Data Controller

A legal individual, public authority, agency or body that, alone or jointly with others, determines the purposes and methods of processing personal data.

Data Processor

A legal individual, public authority, agency or body that, which processes personal data on behalf of the controller.


Any operation performed on personal data, whether or not by automated means, including collection, use, recording etc.


Informed, unambiguous, freely given, specific and explicit consent by statement or action from the data subject to have data relating to him/her processed.


This is a new principle under GDPR and means that organisations must have clear documentation and recording procedures in place to prove that your organisation meets the required standards.

Data Breach

A breach of security leading to the destruction, loss, alteration, unauthorised disclosure, of or access to, personal data.

Special Categories of Personal Data

Data concerning the racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, data concerning health or sex life or sexual orientation of an individual.

Data Protection Officer

A representative for the data controller/data processor who oversees data protection compliance and is a data privacy expert. Under GDPR, not all organisations have a requirement to appoint a Data Protection Officer.

Data Subject

The data subject is the individual the personal data is in relation to.

Supervisory Authority

The independent public authority who will be enforcing GDPR. In Ireland this will be the Data Protection Commissioner.


A process to make personal data no longer attributable to a single data subject without the use of additional data. Additional data must be separate to ensure non-attribution.

Privacy by Design

The inclusion of data protection from the onset of designing of systems, rather than an addition/afterthought.

Privacy Impact Assessment

A method of identifying and reducing privacy risks for individuals when undertaking new projects handling personal data.

Biometric Data

Data that enables the identification of a data subject. It can include behavioural and physical characteristics of that person e.g. facial image.

Encrypted data

The protection of personal data through technological measures to ensure that data is only accessible/readable by those with appropriate permission.

For further information please visit the Data Protection Commissioner's website click here or the UK Information Commissioners office website click here.

Lorraine Valentine

Lorraine Valentine


Add a Comment

Notify of New Replies:
Add a new comment:

RSS feed RSS Feed

Cookie Preferences