As GDPR looms in May 2018, we’ve put together a useful blog to help you understand the terms used in the legislation, and how it may affect you. At Callimedia we run GDPR workshops, so if your team needs an overview of what’s coming and how you can improve your marketing and data management as a result, just get in touch.
What terms do I need to understand?
Data Controller is the organisation that determines the use, purpose and processes around the data. It’s better to make this an actual company, instead of an employee, as employees will change.
Data Protection Officer is the responsible person who ensures compliance. Anyone can appoint a DPO, but you are only required to have one under the following circumstances:
- you’re a public authority
- you’re an organisation that carries out large scale, systematic online behavioural tracking
- you process special categories of data sets or criminal records
Data Processor is anyone who processes data for or on behalf of the Data Controller and who is not an employee. For example, an agency, a mailing house, or a fundraising contractor who cold calls for you. The Data Controller is liable for the Data Processor's activities.
Data Subjects are the people whose data you hold.
Personal Data is what the Act covers, i.e. data that relates to an individual as opposed to a company.
Sensitive Personal Data is data that is subject to much higher levels of protection, such as racial or ethnic origin, religious beliefs, physical or mental health, trade union and political memberships, criminal records and offences, and information about the subject's sexual life.
Data Protection Risk Register is the document and process that should exist in your Charity – i.e. how you have identified weak spots and how you plan to mitigate the associated risks.
Data Protection Policy is where you capture how you handle data and protect it.