2. DPA Terminology

There are a number of terms that are often used when discussing the DPA. You must be familiar with them:

Personal Data

Personal data covers both facts and opinions about a living individual.

Data Subject

This is the person that the data is being collected from or stored about. This could be you!

Data Processor / Data User

A data processor/ user is someone who accesses, uses and processes personal data as part of their jobs. This could be a customer service advisor who needs to look at a customer's account so that they can answer a query. It might be a school secretary who needs to look up contact details for a particular student.

Data Controller

This is often the person in charge of the organisation - but it doesn't necessarily have to be. This person decides what data the organisation needs to collect and what it will be used for. This is the person who must apply for permission to collect and store data in the first place. The Data Controller is responsible for ensuring that any collection, storage and processing of data is done in accordance with the DPA.

Information Commissioner

This is the person who has overall responsibility for enforcing the Data Protection Act across the UK.

This is the person that organisations need to apply to in order to gain permission to collect and store personal data.

The Information Commissioner provides advice to companies and to the Government about issues related to the DPA. They also investigate complaints that are raised about any issues related to the DPA.