2. DPA Terminology

There are a number of terms that are often used when discussing the DPA. You must be familiar with them:

Personal Data

Personal data covers both facts and opinions about a living individual.

Data

In the context of the DPA, this has a slightly different meaning to the term 'data' that you learned about at the beginning of the course. Here it means anything which is part of a record about an individual for example, Date of Birth, name, NI number. Data can be held on paper or on a computer.

Processing

This covers the collection and storage and processing of personal data. The processing can include searching records, sorting data into order, comparing one record with another, altering the data, passing the data onto another party and removing it from the system.

There are also terms used to describe specific roles or responsibilities of people under the DPA. You must be able to explain the following terms:

Data Subject

This is the person that the data is being collected from or stored about. This could be you!

Data Controller

This is often the person in charge of the organisation - but it doesn't necessarily have to be. This person decides what data the organisation needs to collect and what it will be used for. This is the person who must apply for permission to collect and store data in the first place. The Data Controller is responsible for ensuring that any collection, storage and processing of data is done in accordance with the DPA.

Data Processor

Data is often processed by third parties who are not part of the Data Controller's organisation. These data processors are usually hired by the Data Controller to process the data for a specific task. Even though they are not directly a part of the Data Controller's organisation, the Data Controller is responsible for ensuring that they process the data in accordance with the DPA.

Recipient

This is any person who is employed to to access, use or process personal data as part of their job. This could be a secretary who needs to look up your address so that they can send a letter home to your parents. It could be your doctor who needs to know what allergies you have before prescribing you medicine. The recipient might work directly for the Data Controller or might be employed by a third party who has been hired to process the data.

Information Commissioner

This is the person who has overall responsibility for enforcing the Data Protection Act across the UK.

This is the person that organisations need to apply to in order to gain permission to collect and store personal data.

The Information Commissioner provides advice to companies and to the Government about issues related to the DPA. They also investigate complaints that are raised about any issues related to the DPA.