Skip to main content

Key Terms under Data Protection Acts 1988/2003/2018

The Data Protection Acts 1988/2003/2018 and the General Data Protection Regulation (GDPR) define a number of terms which include:

Anonymisation: Deleting all personal information from data so it is out of scope of Data Protection Law but can be used for business purposes.

Automated data: Data that is processed by means of equipment operating automatically. Examples of this include electronic records and CCTV footage.

Child: A person aged under 16.

Data breach: the alteration, destruction, loss or unauthorised disclosure or access to personal data that is being processed by a controller or by a data processor on their behalf.

Data Processor: A third party who extracts information from personal data on behalf of a data controller. This service is undertaken under a contract of services. Dublin Bus is a data processor for the Leap Card whereas the controller for the Leap Card is the National Transport Authority (NTA).

Data Subject: The living person to whom the data relates such as customers or employees. Data Controller: Dublin Bus as it controls the contents and use of personal data.

Manual data: Data that is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system. An example of this is a paper file.

Personal data: Data relating to a living individual who is or can be identified from the data, or from data in conjunction with other information in the possession of the Data Controller. This includes CCTV footage.

Processing: Obtaining, recording, storing, manipulating, erasing, disclosing, blocking or gaining information from analysing personal data.

Profiling: any form of automated processing of Personal data to evaluate certain personal aspects relating to a living person, in particular to analyse or predict aspects concerning the person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation: Processing personal data in a way that the subject cannot be identified without additional information that is stored separately and securely. 

Relevant filing system: Any set of information relating to a person that is structured either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific personal information is readily acceptable.

Sensitive data: Data relating to an individual’s race, ethnic origin, political opinions, religious opinions, philosophical beliefs. Trade union memberships, health records, sexual orientation or police record.