...

FAQ

Confused? We might have an answer below.
Stressed? We can't help with that, but we do have pictures of cats.

Key Terms and FAQ

What is Data Protection?

Data protection refers to the practices, policies, and legal frameworks that safeguard personal data from misuse, loss, or unauthorized access.

What is Sensitive Personal Data?

Sensitive personal data is a subset of personal data that requires more protection because of its nature. This includes information about racial or ethnic origin, political opinions, religious beliefs, health data, and sexual orientation.

What is a Data Subject?

A data subject is an individual whose personal data is being processed. Data subjects have specific rights regarding their data, including the right to access, rectify, and erase their information.

What is a Data Controller?

A data controller is an entity (individual or organization) that determines the purposes and means of processing personal data.

What is a Data Processor?

A data processor is an entity that processes personal data on behalf of the data controller. They act under the instructions of the data controller and do not have the authority to make decisions about the data.

What is Data Minimization?

Data minimization is a principle that encourages organizations to collect only the personal data that is necessary for a specific purpose. This is to reduce the risk of exposure and misuse.

What is GDPR?

The General Data Protection Regulation (GDPR) is an EU law designed to protect personal data and privacy.


What is the Data Protection Act (DPA)?

The DPA 2018 is UK legislation that complements GDPR, outlining specific data protection rules in the UK.


Does GDPR apply to small businesses?

Yes, GDPR applies to all businesses, regardless of size, that process personal data of UK or EU citizens.


What are data subjects' rights under GDPR?

Data subjects have rights like access, rectification, erasure, data portability, and the right to object to processing.


What is considered personal data?

Personal data includes any information that could identify a person, such as names, email addresses, or IP addresses.


What are the penalties for non-compliance with GDPR?

Fines can reach up to £17.5 million or 4% of annual global turnover, whichever is higher.


What is a data breach?

A data breach occurs when personal data is accessed, disclosed, or lost without authorization, intentionally or accidentally.


How should SMEs handle data breaches?

If a data breach poses a risk to individuals, SMEs must report it to the ICO within 72 hours and notify the affected individuals.


What is online privacy?

Online privacy involves protecting individuals' personal data and communications while they use the internet.


What is cyber security?

Cyber security refers to protecting systems, networks, and data from digital attacks, theft, or damage.


What are common cyber threats for SMEs?

Common threats include phishing, ransomware, malware, and data breaches.


How can SMEs improve cyber security?

SMEs can improve security by using strong passwords, installing firewalls, updating software, and providing employee training.


What is the ICO?

The Information Commissioner’s Office (ICO) is the UK regulator responsible for enforcing data protection laws.