The GDPR isn't as terrifying as you might think.

Scroll down to get to grips with the terms to impress your boss, your peers, and even your nan with by acquainting yourself with some particularly mischievous monsters.

Data breach

(dey-tuh bree-ch) | collective noun

1. a loss of control of an organisation's personal data with no guarantee of its security

2. a phrase uttered by fiercely sweating fellow employee, closely followed by uncontrollable sobbing

3. panic. Unadulterated panic.

E. 'Mary, we're going to have to sell the bungalow – there’s been a data breach'

Consent

(kuh n-sent) | noun

1. any freely given indication of a person’s wishes and one of the legal grounds organisations use to process personal data

2. see this box? Yeah? Tick it

3. permission accomplished

E. ‘I appreciate that I gave consent madam, but there’s only so many scotch eggs one man can take’

Data processing

(dey-tuh proh-ses-ing) | noun

1. the carrying out of operations on data, especially digitally, to retrieve, transform or classify information

2. computers being all clever and stuff

3. like an electronic SWAT team

E. 'We're in the mainframe. We have the all clear. Go! Go! Go!'

Legitimate interest

(li-jit-uh-meyt in-ter-ist) | noun

1. a subjective legal ground option. Marketers must weigh up their right as a business to market to someone against their right to privacy

2. your nan has discovered you once purchased a cardigan

3. your nan has now bought you 17 cardigans

E. ‘Saw this and thought of you. Oh, and these. And this. And also these’

Privacy-by-design

(prahy-vuh-see bahy dih-zahyn) | noun

1. the act of identifying what impact a particular campaign may have on privacy and data from its conception, not as an afterthought

2. giving your partner an anniversary gift on the morning of your anniversary, not grabbing something from the petrol garage on your way home

3. the beauty of foresight

E. 'These are from the petrol garage again aren’t they?'

Data controller

(dey-tuh kuh n -troh-ler) | noun

1. the name given to an organisation that owns or controls personal data

2. like the fat controller, but replace Thomas and friends with important information. Loads of it

3. the big daddy

E. ‘You have caused confusion and delay!’ the fat controller boomed.

Profiling

(proh-fahy-ling) | noun

1. any form of automated processing of personal data used to analyse or predict aspects concerning a person’s performance at work, economic situation, health, personal preferences, etc.

2. like discovering your new colleague, Gary, really really likes boiled eggs

3. knowing that lunchtimes at your desk will never be the same

E. ‘Again Gary? Really?’

Data protection officer (DPO)

(dey-tuh pruh-tek-shuh n aw-fuh-ser) | noun

1. a security leadership role required by the GDPR. Responsible for overseeing data protection strategy and implementation to ensure compliance with the GDPR requirements

2. he who rules with an iron fist

3. the enforcer

E. ‘If your name’s not down, you’re not coming in’

Special categories personal data

(spesh-ul kat-i-gawr-ee s pur suh-nl dey-tuh) | noun

1. a subset of personal data. Could be to do with racial or ethnic origin, political opinions, religious beliefs and so on

2. the stuff you want under lock and key

3. lose this and you should probably consider going into hiding

E. ‘Keep it secret, keep it safe’

Pseudonymous data

(soo-don-uh-muh s dey-tuh) | noun

1. when personal data such as name and address is replaced with a unique identifier number the data is ‘pseudonymised’ making it very difficult to identify the data subject

2. like a digital disguise

3. the Zorros of the data world

E. ‘You call it a mask, I call it being pseudonymised’

Data protection impact assessment (DPIA)

(dey-tuh pruh-tek-shuh n im-pakt uh-ses-muh nt) | noun

1. a privacy tool that helps to identify a project’s potential effects on individual privacy and compliance with data protection legislation, and to examine how detrimental effects might be overcome

2. like a health check-up, GDPR style

3. prevention is better than cure

E. The good news is you’re GDPR compliant. Now then, about that rash…’

Privacy-by-default

(prahy-vuh-see bahy dih-fawlt) | noun

1. the act of ensuring a consumer’s privacy settings are set at the highest level possible as the default setting from conception

2. like buying a house that comes complete with a burglar alarm, barbed wire fencing, security guards and ferocious Rottweilers fitted as standard

3. safety first

E. ‘Release the hounds’

Right to erasure

(rahyt too ih-rey-sher) | noun

1. a data subject has the right to request that an organisation deletes all the personal data that is held about them

2. the post break-up purge

3. don’t call me, don’t text me, don’t even think about me

E. 'It’s not you, it’s me – but also, mostly you’

Re-permission/Refresh consent

(re-per-mish-uh n/ri-fresh kuh n-sent) | noun

1. the process of getting in touch with individuals on a database and requesting their consent to process their personal data

2. like contacting an old friend, telling them you miss them and asking them if you can start writing to them again

3. just good old-fashioned British manners, really

E. ‘Would you mind if I send you a postcard from Magaluf?’

Online identifier

(on-lahyn ahy-den-tuh-fahy-uh) | noun

1. a type of personal data referred to in the GDPR. Often used to identify, recognise and categorise

2. the bits that follow you about online, in a good way

3. cookies, but not the edible kind

E. ‘This data tastes delicious’

Accountability

(uh-koun-tuh-bil bil-i-tee) | noun

1. organisations need to maintain written policies and rigorous records of data processing activity to provide evidence to justify the use of personal data

2. remember at school when your teacher told you to always show your workings?

3. yeah, that

E. ‘Well, Johnny, the conclusion you’ve reached is utter, utter madness – but I’ll give you a mark for showing the arguments that support it’

Personal data

(pur-suh-nl dey-tuh) | noun

1. A piece of data used to identify a living person, also known as personally identifiable information (PII)

2. data has feelings too you know

3. the bit everybody wants

E. ‘I think, therefore I am… data’

Layered privacy policy

(ley-er d prahy-vuh-see pol-uh-see) | noun

1. an opportunity to provide the key privacy information immediately and have more detailed information elsewhere, for those who want it

2. the onion of privacy

3. may also move you to tears

E. ‘Peel here for more information’

Data audit

(dey-tuh aw-dit) | noun

1. where an organisation evaluates its own data flows, assessing what sort of data it holds and what sources they pass the data onto

2. like finally deciding to tackle the years and years of junk in your garden shed

3. clutter control

E. ‘Grandad? How long have you been in here!?’

Right to data portability

(rahyt too dey-tuh pawr-tuh-bil-i-tee) | noun

1. allows individuals to obtain and reuse their personal data for their own purposes across different services, allowing them to move, copy or transfer personal data easily from one environment to another in a safe and secure way

2. the consumer’s bargaining chip

3. they got their leverage, and they ain’t afraid to use it

E. ‘I see your 'free eye mask and flight socks’ for 5,000,000 mileopoints with Flyhigh Airways and raise you 6,500,000 aerocredits with Brianair'

Anonymous data

(uh-non-uh-muh s dey-tuh) | noun

1. the process of either encrypting or removing recognisable information from data sets, so it remains unidentifiable

2. the faceless, the shapeless, the invisible

3. those who shall not be named

E. 'I am the nameless! I am the unknown! I... am.... DAVE! Dammit.'

Data processor

(dey-tuh proh-ses-er) | noun

1. an organisation that doesn’t control the data but processes it on behalf of the data controller

2. the car can't run without the engine

3. the blood, sweat and tears behind the operation

E. 'Is Sandra okay? She's been crying in that corner for four hours now'.

From May 25, a new era of data management will determine how your business does business.

For further information on the rules and regulations surrounding GDPR, visit:
dma.org.uk/gdpr

Copyright DMA 2018 © All Rights Reserved