Foundation Year Network General Data Protection Regulation Glossary
Term | Definition |
Commercially Valuable Information | Information assets with commercial value to the Network or which could expose the Network if inappropriately disclosed. Examples include financial projections and business plans, intellectual property, press releases under embargo, some third-party contracts. |
CONFIDENTIAL (COMMERCIAL) | Classification applied to Commercially Valuable Information, as per the Network’s Information Security Classification Scheme. |
CONFIDENTIAL (PERSONAL) | Classification applied to Personal Data, as per the Network’s Information Security Classification Scheme. |
Confidential Information | Generic term covering both CONFIDENTIAL (PERSONAL) and CONFIDENTIAL (COMMERCIAL) Network information. See the Network’s Information Security Classification Scheme. |
Data Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. |
Data Processor | A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. |
Data Protection Act (DPA) | The UK’s Data Protection Act 1998, primary data protection legislation in the UK until the enforcement of the EU General Data Protection Legislation (GDPR) on 25 May 2018. |
Data Protection Impact Assessment (DPIA) | A method of identifying and addressing privacy risks in compliance with GDPR requirements. |
Data Protection Legislation | The EU General Data Protection Regulation (GDPR) and UK Data Protection Act 1998. |
Data Protection Officer (DPO) | A role within the Network responsible for enabling compliance with data protection legislation, playing a key role in fostering a data protection culture within the Network, and helping to implement essential elements of data protection legislation, such as: the principles of data processing; data subjects’ rights; data protection by design and by default; records of processing activities; security of processing; notification and communication of data breaches. |
Data Sharing Agreement | A legal contract outlining the information that parties agree to share and the terms under which the sharing will take place. |
Ingleton Parish Network / The Network | The legal entity that is Ingleton Parish Network. |
Employee | A full-time or part-time, permanent or temporary, paid officer of the Network, whether directly or indirectly engaged. |
GDPR (General Data Protection Regulation) | The Regulation (EU) 2016/679 (General Data Protection Regulation), enforceable as of 25 May 2018 in all member states to harmonize data privacy laws across Europe. |
Information Asset Owner | A member of staff that has overall responsibility for an information asset. |
INTERNAL or INTERNAL ONLY | Classification applied to routine Network business information not normally intended for public consumption, but the release of which would be of no detriment to the Network, as per the Network’s Information Security Classification Scheme. |
Major Information Asset | One of a defined group of large information assets held by the Network: Member Information; Staff Information; Financial Information. |
Personal Data | Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
Privacy Impact Assessment (PIA) | A method of identifying and addressing privacy risks in compliance with DPA requirements, superseded by Data Protection Impact Assessment under GDPR. |
Processing | Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
PUBLIC | Classification applied to information that the Network actively places in the external domain, as per the Network’s Information Security Classification Scheme. |
Publication Scheme | A scheme relating to the publication of information in accordance with the Freedom of Information Act 2000, and a commitment to making certain classes of information routinely available, such as policies, minutes of meetings and annual reports. |
Request for Information | A request for information made to a public authority, pursuant to section 1(1) of the FOI Act 2000 and/or Regulation 5 of the Environmental Information Regulations 2004. |
Restricted Information | Generic term covering Network Information that has not been classified as PUBLIC. See the Network’s Information Security Classification Scheme. |
Senior Information Risk Owner (SIRO) | Network member with overall responsibility for: the Information Governance Policy, sub-policies and information governance framework; providing independent accountability and assurance that information risks are addressed; ensuring that information risks are treated as a priority for business outcomes; playing a vital role in getting the Network to recognise the value of its information, enabling its optimal effective use. |
Sensitive Personal Data (also known as ‘Special Categories of Personal Data’) | Data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and health or sex life plus genetic and biometric data. Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to their processing. |
Super Information Asset Owner | Network member with overall responsibility for the coordination of the management and handling of one of a defined group of major information assets across the Network. |
Network Information | Any data and information created or received by an employee in the performance of their duties for the Network. |