Frequently asked questions

The data protection principle that says data controllers must demonstrate compliance with the data protection principles.

The data protection principle that says data must be accurate and kept up to date.  You must take every reasonable step to ensure that inaccurate personal is erased or rectified immediately.

A connection using a telephone service allowing two-way communication in real time.

Closed Circuit Television, which is in use across the Branch Network and head Office for the purpose of safety and crime prevention.

Of the data subject means freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

A request from the business directed at data subjects, asking for their permission to process their data and informing them of the purpose.

The organisation that determines the purposes and means of the processing of personal data.

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Personal data related to the physical or mental health of a person, including the provision of health care services, which reveal information about his or her health status.

The data protection principle saying that data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

A set of data protection regulations in the United Kingdom that were  in force between 1998 and 2018, when they were replaced by the Data Protection Act 2018, the Data Protection, Charges and Information Act 2018 and the General Data Protection Regulation (GDPR).

The new UK Data Protection Act that sits alongside the Uk Data Protection, Charges and Information Acrt 2018, the General Data Protection Regulations (GDPR) and the Privacy in Electronic Communications Regulations  (PECR) (Updated by the E-Privacy Bill) to form the new standard of Data Protection in the UK since 25th May 2018.

The regulation that sits alongside the Data Protection Act 2018 covering the rules around registering as a data controller in the UK.

The person legally appointed by an organisation to ensure that they know the rules and comply with all of them.

A firm based within the territory that has been appointed by a processor or controller to represent them in that country to comply with the legal requirement to have a representative.

An internal document that enables lawful sharing of personal data across the group provided that there is a reason to share.

A person whose data you are processing.

A request from a person to see a copy of the personal information we hold about them.

Any form of advertising, whether written or oral, sent to one or more people by automated calling and communication systems  including  email, telephone and SMS.

Live telephone calls without the use of automated calling systems and communication systems.

A comprehensive appraisal of a business undertaken to establish that it meets the required standards to enter into a contract with.

The proposed update to the Privacy in Electronic Communications Regulation (PECR).

Any communication that is carried out using technology.

The content of electronic communications services, such as text, voice, videos, images, and sound.

Any text, voice, sound or image message sent which can be stored in the network or by the recipient.

Any structured set of personal data, which is accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

The General Data Protection Regulations (GDPR) is the Europe wide set of data protection regulations that became enforceable after 25th May 2018.

The rules will still apply to the United Kingdom post Brexit.

Personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.

The United Kingdom’s Data Protection Authority is the Information Commissioners Office (ICO). 

They are responsible to ensuring compliance to data protection regulations.

The act of telling a data subject what data you will take form them and why.

The data protection principle that says data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

The data protection principle that says data must be processed lawfully, fairly and in a transparent manner.

Any data processed in an electronic communications network, indicating the geographic position of the user.

The act of saying something to express one's opposition to or disagreement with something.

Privacy in Electronic Communications regulations (PECR) is a Europe wide set of regulations concerning the use of electronic communications that have been in place since 2003.

The regulations will be update by the e-privacy bill.

Any information relating to a person such as a name, an identification number, location data, an online identifier or other factors such as their physical, genetic, mental, economic, cultural or social identity.

The public facing document that contains all the information data subjects should know about how we use their personal data and their rights.

An internal policy that explains how your organisation manages personal data.

Any operation that is performed on personal data, whether automatic or not, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment or combination, restriction, erasure or destruction.

An organisation that processes personal data on behalf of a controller.

Processing a data subject’s personal information to automatically decide or predict their personal preferences, interests, behaviour or movement.

An organisation to which personal data is disclosed.

A record, required by law, that details what personal information an organistion processes and what the purpose and lawful basis is.

This is how certain countries refer to what is more widely known as the General Data Protection Regulations (GDPR), which is the Europe wide set of data protection regulations that became enforceable after 25th May 2018.

The marking of stored personal data with the aim of limiting their processing in the future.

A document listing all the titles of the records held the length of time each document or record will be retained, the reason for its retention.  A clearly defined plan for a record retention and disposal is a vital component of a records program.

When a processor appoints another processor to process the controller’s data.

An organisation other than your own that you deal with.

An organisation other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

A document between 2 parties that explains what each party is reponsible for.