This is the first of four parts of our GDPR Glossary. GDPR is an EU regulation to be implemented on the 25th May 2018 which seeks to give people more control over how organisations use their data, introduce greater penalties for organisations that fail to comply with these rules, and provide greater protection for those who suffer a breach of data.
The EU’s General Data Protection Regulation (GDPR) is the culmination of efforts to update data protection in the 21st century. GDPR specifically concerns granting permissions to use personal information for a variety of reasons in exchange for ‘free’ services.
The goal is to bring data protection in line with how people’s data is being used. Corporations including Amazon, Google, Twitter and Facebook offer services for free…if people offer their data. You do not have to look far to see the negative implications of this, with arguably the most prominent being the Cambridge Analytica scandal whereby 50 million Facebook profiles were harvested to influence the 2016 US election.
GDPR will apply to all Member States. As GDPR is a regulation, not a directive, the law will automatically apply.
There is a lot of information on the Internet surrounding GDPR. I was overwhelmed by the quantity of terminology. As a university law student, I understood the interaction between EU law and national law, but the terms used to describe the implications of GDPR in UK law were puzzling. The legal jargon was overused and confusing. I created the GDPR glossary below to provide definitions of terms which I saw regularly in articles on GDPR. This was in the hope of breaking down the legal and technological jargon and, in turn, the enormity of GDPR.
The GDPR glossary will be split into four sections.
- The first in the series is EU and National Law Terminology.
- The second in the series is the principles behind the introduction of GDPR.
- The third in the series includes what GDPR protects.
- Finally, in the fourth glossary, what needs to be done when GDPR is enforced.
EU and National Law Terminology
The first in the series is EU and National Law Terminology. This GDPR glossary seeks to show why it is so important that companies are GDPR compliant by 25th May 2016. The UK is still in the EU; therefore, we still need to comply with EU regulations. Even when we leave the EU, the likelihood is that we will still have to keep these regulations to access the EU market.
Data Protection Act 1998: An Act in the United Kingdom defining the ways in which information about living people may be legally used and handled.
Directive: A Directive shall be binding, as to the result to be achieved, upon each Member State to which it is addressed, but shall leave to the national authorities the choice of form and methods. Each Member State must achieve a result, but it is up to the government as to how this result is achieved.
European Union: An association of European nations formed in 1993 for achieving political and economic integration. There are 28 Member States in the European Union.
Member State: A country that belongs to a political, economic or trade organisation such as the European Union.
National Law: The law of a country or a State.
Primacy: International law is the basis for any Treaty and, after customary international law, is the principle that Treaties be applied and kept. The transfer by the States from their domestic legal system to the Union legal system of their rights and obligations arising under the Treaty carries with it a permanent limitation on their sovereign rights. EU law is supreme over national law.
Privacy and Electronic Communications Regulations 2003: Works with the Data Protection Act to give people specific privacy rights in terms of electronic communications.
Regulation: A Regulation is binding in its entirety and directly applicable in Member States. No Parliament needs to transform, implement or incorporate it into national law. It is law without Parliament having to say so.
Uniformity: The quality or state of being uniform. If there is uniformity in something such as a system, organisation or group of countries, the same rules, ideas, or methods are applied in all parts of it.
I hope this has highlighted the importance of GDPR in terms of international law and has helped to break down Union terminology. I have found this has helped me understand the current law in the UK and how GDPR will change this. Everyone talks about the enormity of GDPR, but I have found this glossary useful in terms of what it will replace and how it will do so.
Please feel free to leave in the comments any further terms that you feel should be included in this GDPR glossary.
If you would like to continue reading our GDPR Glossary, please see the second part of the series, ‘Principles Behind the Introduction of GDPR’.