The individual, or category of individuals, whose personal data you are handling – for example, Joe Bloggs, employees.
Under data protection law, consent means offering individuals real choice and control in relation to how their data is processed. Consent requires a positive opt-in and a very clear and specific statement of consent – don’t use pre-ticked boxes or any other method of default consent. Keep your consent requests separate from other terms and conditions. You will need to keep records of any consent granted, and what information people were shown (to show consent was informed). It must be as easy to withdraw as to grant consent. Consent is not the only available legal basis, and it may not be appropriate for employers or public bodies to rely on consent.
Personal data is any information that relates to an identified living individual. It also applies to data that relates to an identifiable living individual – that is, if a data subject could be identified by combining the information with other information we hold, or with information that is readily accessible.
Privacy by Design
Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start. Taking a privacy by design approach is essential to minimise privacy risks and build trust with data subjects. It means building in things like staff awareness, documentation and technical safeguards at the beginning of projects and reviewing them as the project develops.
Any operation or set of operations performed on personal data or sets of personal data, including: collection, recording, organisation, storage, adaption or alteration, transmission, restriction or destruction.
Profiling relates to automated processing of personal data to evaluate certain things about an individual, or category of individuals.
Special category personal data
Special category of personal data is any data that is particularly sensitive. This is also known as ‘sensitive personal data’.