Definitions of British data protection law

Definitions of the UK Data Protection Law are listed in Article 1 of the Data Protection Act (DPA) 1998 (ENG).

  • Personal data is data that relates to a living individual who can be identified
    • from those data, or
    • from those data and other information which is in the possession of or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

  • “Data controller” means a person (whether alone or together with others) who determines the purposes and means for which data are processed.
  • “Data processor” means a person (other than the data controller’s employees) who processes the data on behalf of the data controller.
  • “data subjects” means an individual who is the subject of personal data.
  • “Processing” personal data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including
    • organisation, adaptation or alteration of the information or data,
    • retrieval, consultation or use of the information or data,
    • disclosure of the information or data by transmission, dissemination or otherwise making available, or
    • alignment, combination, blocking, erasure or destruction of the information or data;
  • “Relevant filing system” means any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible.