Snap Surveys GDPR Impact Assessment Tool - Glossary

The GDPR replaces the previous data protection law and includes a number of revised definitions as well as introducing new concepts and terminology.

Consent

Agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signifies agreement to the Processing of Personal Data relating to them.

Criminal Convictions Data

Means personal data relating to criminal convictions and offences.

Data Controller

The person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the GDPR. We are the Data Controller of all Personal Data relating to our Company Personnel and Personal Data used in our business for our own commercial purposes. Our customers are the Data Controller of their Survey Data.

Data Processor

The person or organisation which Processes Personal Data on behalf of a Data Controller.

Data Subject

A living, identified or identifiable individual. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.

EEA

The countries in the EU, and Iceland, Liechtenstein and Norway.

Explicit Consent

Consent which requires a very clear and specific statement (that is, not just action).

General Data Protection Regulation (GDPR)

The General Data Protection Regulation ((EU) 2016/679). Personal Data is subject to the legal safeguards specified in the GDPR.

Personal Data

Any information identifying a Data Subject or information relating to a Data Subject that can be identified (directly or indirectly) from that data alone or in combination with other identifiers possessed or reasonably accessible to the Data Controller. Personal Data includes Special Categories of Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.

Privacy Notices (also referred to as Fair Processing Notices)

Separate notices setting out information that may be provided to Data Subjects when the Company collects information about them. These notices may take the form of general privacy statements applicable to a specific group of individuals (for example, employee privacy notices or the Privacy Policy) or they may be stand-alone, one time privacy statements covering Processing related to a specific purpose.

Privacy Policy

Provides Data Subjects with comprehensive information regarding the collection and use of their Personal Data.

Processing or Process

Any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.

Pseudonymisation or Pseudonymised

Replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is meant to be kept separately and secure.

Sensitive Personal Data

Information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

Find more Snap Surveys GDPR resources at the GDPR Hub →