| |
|
| |
The Data Protection Act 1998 applies, subject to certain exemptions, to the processing of data which are deemed to be personal data. The 1998 Act uses those particular terms to define who and what fall within its provisions. These are defined at section 1(1) of the 1998 Act but broadly they are: |
| |
1998 Act |
This means the Data Protection Act 1998. |
| |
Assessable processing |
This means any processing (specified in an order of the Secretary of State as being) likely to cause substantial damage or distress to data subjects or otherwise significantly to prejudice the rights and freedoms of data subjects. |
| |
Automated decision-taking (automated data) |
This means decisions which are taken based solely on the processing by automatic means of personal data eg for the purposes of evaluating the data subject’s performance at work, their creditworthiness, their reliability or their conduct. It does not relate to computer-assisted decisions (ie decisions which may refer to computer generated information but are not automatically generated by the computer by processing that information). |
| |
Data |
This means information which is processed or is intended to be processed by means of automatic devices, such as IT systems (automated data), or is recorded on a "relevant filing system" (manual data). |
| |
Data Controller |
This means the person(s) who determine(s) the purposes and manner in which any personal data are, or are to be, processed. ‘Person’ in this sense means legal person and so, as well as individuals, includes organisations such as companies and other corporate and unincorporated bodies of people. The Charity Commission is a data controller. |
| |
Data Processor |
This means any person (other than an employee of the Commission) who processes data on our behalf (eg a computer bureau). The 1998 Act imposes a higher duty of care upon data controllers when the processing of personal data is carried out on their behalf by data processors. |
| |
Data Subject |
This means an individual who is the subject of personal data. |
| |
Manual Data/ Records |
See "Relevant filing system" |
| |
Notification |
- The system of registering with the Information Commissioner's Office details of the data controllers, the types of data processing they are undertaking and for what purposes the processing is being carried out.
|
| |
Personal Data (or personal information) |
- This means data from which it is possible to identify a living individual, either directly from that information or from additional information which is in the possession of or is likely to (ie might conceivably) come into the possession of, anyone processing that data. This includes both factual information and expressions of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual. [This might include, for example, access to personnel records by employees unless other exemptions apply which allow non-disclosure, such as information in connection with management forecasts/planning, where disclosure of the information might prejudice the conduct of business, or which consists of confidential references or relates to negotiations with the data subject.]
|
| |
Processing |
- This term covers almost any conceivable use of data, including obtaining, recording, holding, organising, adapting, altering, retrieving, consulting, using, disclosing, blocking, erasing or destroying the information or data. This means, for example, that simply possessing data constitutes processing for the purposes of the 1998 Act.
|
| |
Processing already under way |
This means the processing of personal data which was already under way before 24 October 1998. |
| |
Recipient |
This term is used in relation to personal data and means any person to whom the data are disclosed, including anyone to whom the data are disclosed in the course of processing it (eg employees or agents of the data controller). It does not include any person to whom data are disclosed in the context of an enquiry made in the exercise of a legal power. |
| |
Registrable particulars |
These are the details that data controllers must supply to the Information Commissioner about themselves and the data processing they undertake. |
| |
Relevant filing system |
(Also referred to as manual data). This means any structured set of information which is organised either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual can be easily found. |
| |
Sensitive personal data |
- This means personal data consisting of information as to a person’s racial or ethnic origin, political opinions, religious beliefs or beliefs of a similar nature, membership of a trade union, physical or mental health or condition, sexual life or the commission or alleged commission of any offence (or proceedings for those offences) by that person.
|
| |
Special purposes |
- This refers to data used for the purposes of journalism, artistic or literary purposes.
|
| |
Subject access |
- This means the right of any individual (under the provisions of the 1998 Act) to have access to personal information about themselves held by a data controller.
|
| |
Subject information rights |
- These are the rights that individuals have under the 1998 Act in respect of personal data held about them by others. These include, for example, the right to access information, prevent processing and correct inaccurate data.
|
| |
Third party |
- This term is used in relation to personal data and means any person other than the data subject, the data controller or any data processor or other person authorised to process data on behalf of the data controller or data processor.
|
