Key definitions under the GDPR
Key definitions under the GDPR

The following Financial Services guidance note provides comprehensive and up to date legal information covering:

  • Key definitions under the GDPR
  • Background to the General Data Protection Regulation
  • Background to the Data Protection Act 2018
  • Key definitions under the GDPR and DPA 2018
  • Personal data
  • Special categories of personal data
  • Data subject
  • Controller
  • Processor
  • Representative
  • more

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the GDPR applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for EEA and UK data protection law purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection.

Background to the General Data Protection Regulation

The General Data Protection Regulation (the GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), was published in the Official Journal of the EU on 4 May 2016. Its provisions became directly applicable and fully enforceable in all EU Member States, including the UK, on 25 May 2018.

The GDPR replaces Directive 95/46/EC, the Data Protection Directive, which was incorporated into UK law via