Guidance
Customer Privacy notice: glossary of technical terms
Updated 11 November 2025
Applies to England and Wales
© Crown copyright 2025
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/planning-inspectorate-privacy-notices/customer-privacy-notice-glossary-of-technical-terms
| Term | Definition |
|---|---|
| MHCLG | Ministry of Housing, Communities and Local Government |
| ICO | Information Commissioner’s Office |
| UK GDPR | UK General Data Protection Regulation |
| LA | Local Authority |
| Personal Data | Any information relating to an identified or identifiable living individual (data subject), such as name, address, email, or identification number. |
| Data Subject | An individual whose personal data is processed. Data protection law applies only to living individuals. |
| Special Category Data | Sensitive personal data requiring extra protection, including data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health, sex life, or sexual orientation. |
| Biometric Data | Personal data relating to physical, physiological, or behavioural characteristics, allowing unique identification (e.g., facial images, fingerprints). |
| Processing | Any operation performed on personal data, including collection, recording, organisation, storage, alteration, retrieval, use, disclosure, erasure, or destruction. |
| Controller (Data Controller) | The organisation that determines the purposes and means of processing personal data. Responsible for compliance with data protection law. |
| Data Processor | A person or organisation that processes personal data on behalf of the controller, under their instructions. |
| Lawful Basis | The legal grounds for processing personal data, as set out in Article 6 of UK GDPR (e.g., consent, legal obligation, public task, legitimate interests). |
| Consent | Freely given, specific, informed, and unambiguous indication of a data subject’s wishes, specifying agreement to the processing of their personal data. |
| Data Breach (Personal Data Breach) | A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. |
| Encryption | The process of converting information or data into a code to prevent unauthorised access. |
| Individual Rights | Rights granted to data subjects under UK GDPR, including the right to access, rectify, erase, restrict, object, and data portability. |
| Subject Access Request (SAR) | A request by a data subject to access their personal data held by a controller. |
| Third Party | Any person or organisation other than the data subject, controller, or processor. |