Key definitions under the GDPR
Key definitions under the GDPR

The following Financial Services guidance note provides comprehensive and up to date legal information covering:

  • Key definitions under the GDPR
  • Background to the General Data Protection Regulation
  • Background to the Data Protection Act 2018
  • Key definitions under the GDPR and DPA 2018
  • Personal data
  • Special categories of personal data
  • Data subject
  • Controller
  • Processor
  • Representative
  • more

Background to the General Data Protection Regulation

The General Data Protection Regulation (the GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), was published in the Official Journal of the EU on 4 May 2016. Its provisions became directly applicable and fully enforceable in all EU Member States, including the UK, on 25 May 2018.

The GDPR replaces Directive 95/46/EC, the Data Protection Directive, which was incorporated into UK law via the Data Protection Act 1998 (DPA 1998) (now repealed). The GDPR has introduced substantial amendments to data protection law in the UK, including the repeal of DPA 1998. For background reading on the GDPR, see Practice Notes: The General Data Protection Regulation (GDPR) and EU data protection reform—timeline [Archived].

For a comprehensive introduction to the GDPR, collating key practical guidance, see: GDPR toolkit.

Background to the Data Protection Act 2018

Specific implementing legislation was not required to transpose the GDPR into domestic law, although the GDPR contains provisions allowing EU Member States to introduce further domestic provisions in a number of areas. In the UK, the government introduced the Data Protection Bill 2017, to repeal DPA 1998