GDPR definitions

Definitions of some of the terms used in Data Protection legislation.

Data processing

Data processing is any action taken with personal data.  This includes the collection, use, disclosure, destruction and holding of data as well as reading, amending, storing and deleting data.

Data subject

A data subject is an individual who is the subject of personal data. For example, we hold personal data about students, making each student a data subject under the terms of the legislation.

Personal data

Data protection legislation applies only to personal data about a living, identifiable individual. 

That living individual must be identifiable, either directly or indirectly, usually through a so-called identifier (such as name, identification number, GPS location data or online identifiers such as a computer IP address).

'Directly identifiable' means identifiable from the information itself, for example, a name together with an address, age, telephone number.

Indirectly identifiable means not identifiable from the information itself, but from the information combined with data from another easily available source.

Examples of personal data: name, identification number (e.g. National Insurance Number, staff number), online identifier (e.g. IP address, cookie identifier).

Relevant links

More GDPR-related definitions

Information Commissioner's Office personal data definitions