For UK financial advisers only. Not approved for use by customers. Visit the Prudential customer website For UK financial advisers only. Not approved for use by customers. Visit the Prudential customer website
Our site will be undergoing maintenance on Wednesday 20 February between 5.30pm and 6.30pm. You may experience delays during this time, we apologise for any inconvenience this may cause.

GDPR Glossary

Author Image Nick Hunt Technical Manager, Specialist Business Support
2 minutes read
Last updated on 23rd May 2018


Do you know the difference between data controllers and data processors? Do you know why a Data Protection Officer has a unique role within a firm?


This is the person or persons who decides what happens to personal data - how it’s stored, processed, where it goes and doesn’t go. They may need to demonstrate to the ICO how personal data is managed and that they are complying with GDPR. Sometimes the firm could delegate this to a Data Protection Officer (DPO), but it’s still the controller’s ultimate responsibility. Remember that GDPR extends to any data processor across the globe, if it has access to data from EEA citizens.

Data Protection Officer (DPO)

It’s the DPOs responsibility to lead the way. They will monitor the use of data, ensure that appropriate controls are in place, provide support and arrange training, provide guidance to senior management and lay down the law! Most importantly there should be no barriers that may hinder them from performing their role. Preferably they should not be a decision maker for the business, as this may create a conflict of interest.

Data processor

Any individual or organisation which uses, handles or has access to this data. When a data processor makes a decision which affects how the data is used, they become a controller and are responsible themselves for meeting the GDPR. In some cases there are more than one controller.

Data subject

This is a person identified from the data they have freely supplied.

Personal data

Any information relating to an identifiable person (the data subject) either directly or indirectly:

  • Name

  • Address

  • National insurance number

  • Email address

  • Location data

  • Online identifier

  • Specific factors which relate to a person, such as physical, psychological, genetic, mental, economic, cultural or social identifiers of a person.

Sensitive personal data

Information of a more sensitive nature affords the highest standards of protection e.g. health information, genetics, economic, social, sexual orientation etc.

Labelled Under:
Government Regulation GDPR

© Prudential 2019