Publication
Publication
A glossary terms used in Data Protected is set out below.
means a set of binding rules adopted by an organisation and approved by national data protection regulators to ensure the protection of personal data in multiple jurisdictions.
means that the processing is: (a) carried out with the data subject’s consent; (b) necessary for the performance of a contract with the data subject; (c) necessary for compliance with a legal obligation; (d) necessary in order to protect the vital interests of the data subject; (e) necessary for the public interest or in the exercise of official authority; or (f) necessary for the controller’s or recipient’s legitimate interests, except where overridden by the interests of the data subject (Article 6, GDPR).
means the processing: (a) is carried out with the data subject’s explicit consent; (b) is necessary for a legal obligation in the field of employment law; (c) is necessary to protect the vital interests of the data subject or another person where the data subject is unable to give consent; (d) is carried out by a non-profit-seeking body and relates to members of that body or persons who have regular contact; (e) relates to data made public by the data subject; (f) is necessary for legal claims; (g) is for reasons of substantial public interest under EU or Member State law; (h) is necessary for healthcare reasons; (i) is necessary for public health reasons; or (j) is necessary for archiving, scientific or historical research purposes or statistical purposes and is based on EU or Member State law (Article 9 GDPR).
means the person which alone or jointly with others determines the purposes and means of the processing of personal data (Article 4, GDPR).
means the now repealed Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
means an individual about whom personal data is being processed.
means: (a) clear identification of commercial communications, and unsolicited commercial communications, as such; (b) clear identification of the natural or legal person on behalf of whom a commercial communication is made; (c) promotional offers, competitions and games are clearly identified (including conditions for participation) and the relevant email does not encourage recipients to visit websites that contravene these requirements.
means the contract with the processor contains a description of scope, nature, duration and purpose of processing, and details of types of personal data and categories of data subjects. The contract must also oblige the processor to: (a) only process personal data on the documented instructions of the controller, including as regards international transfers. There is an exception for obligations under Union or Member State law, but the processor must inform the controller (unless prohibited from doing so); (b) ensure its personnel are subject to a duty of confidence; (c) keep the personal data secure; (d) only use a sub-processor with the consent of the controller. That consent may be specific to a particular sub-processor or general. Where the consent is general, the processor must inform the controller of changes and give them a chance to object; (e) ensure it flows down these obligations to any sub-processor. The processor remains responsible for any processing by the sub-processor; (f) assist the controller to comply with requests from individuals exercising their rights to access, rectify, erase or object to the processing of their personal data; (g) assist the controller with their security and data breach obligations, including notifying the controller of any personal data breach; (h) assist the controller should the controller need to carry out a privacy impact assessment; (i) return or delete personal data at the end of the agreement, save to the extent the processor must keep a copy of the personal data under Union or Member State law; (j) demonstrate its compliance with these obligations and submit to audits by the controller (or by a third party mandated by the controller); and (k) inform the controller if, in its opinion, the controller’s instructions would breach Union or Member State law (Article 28, GDPR).
means the provision of: (a) your identity, contact details and details of your representative (if any); (b) the contact details of your data protection officer (if any); (c) the purpose and legal basis of processing (where legitimate interests is relied upon, details of those interests); (d) the right to withdraw consent if this is the basis for any processing; (e) the categories of personal data processed and the source of the personal data, including use of public sources; (f) the recipients or categories of recipients of personal data; (g) details of any intended transfer outside the Union (including details of any safeguards relied upon and the means to obtain copies of transfer agreements); (h) the period for which data will be stored or the criteria used to determine this period; (i) a list of the individual’s rights, including the right to object to direct marketing, make a subject access request, and to be “forgotten”; (j) details of any automated decision making, including details of the logic used and potential consequences for the individual; (k) whether provision of personal data is a statutory or contractual requirement, whether disclosure is mandatory and the consequence of not disclosing personal data; and (l) the right to complain to a supervisory authority. The information in (e) need not be provided where personal data collected from the data subject. The information in (k) need not be provided where the personal data is collected from a third party (Article 13 &14, GDPR).
means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
means personal data must be: (a) processed fairly and lawfully; (b) collected for specific, explicit and legitimate purposes and not processed in a manner incompatible with those purposes; (c) adequate, relevant and not excessive; (d) accurate and, where necessary, up to date; (e) kept in an identifiable form for no longer than necessary; and (f) kept secure (Article 5, GDPR).
means Directive (EU) 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.
means the contractual clauses set out in Commission Implementing Decision (EU) 2021/914.
means Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.
means Directive 2002/58/EC of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector as amended by the Citizens' Rights Directive 2009/136/EC.
means a person which processes personal data on behalf of a controller (Article 4, GDPR).
applies where a person collects a customer’s e-mail details in connection with a sale of a product or service and uses these contact details for direct marketing of its own similar products or services provided that customers are given the opportunity to object to such use of electronic contact details when they are collected and on the occasion a message is sent.
means personal data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
means: (a) in the case of an EEA State, the transfer of personal data from a destination within the EEA to a destination outside of the EEA; and (b) in the case of other States, a transfer of personal data from within that State to any another State.
means countries that the Commission has found to provide an adequate level of protection for personal data, namely Andorra, Argentina, Canada (partially), the Faroe Islands, Guernsey, Israel, the Isle of Man, Japan, Jersey, New Zealand, the Republic of Korea, Switzerland, the UK, the US (in respect of members of the Data Privacy Framework) and Uruguay.
Contents