With the implementation of the General Data Protection Regulation (GDPR) a mere 3 months away, it may (or may not) surprise you to learn that 60% of organisations were reported as being not "GDPR ready" at the start of this month. The same report, by software technology firm Senzing, also found that almost 40% of UK-based directors were unsure as to whether they would be GDPR compliant come 25 May.

This is not the first study to reveal a lack of preparation for the GDPR. In January the Department for Digital, Culture, Media and Sport urged businesses and charities to ensure they were compliant by 25 May after it was revealed that up to 50% were unaware of their new obligations.

With these statistics in mind, this is the first in a short series of jargon-busting blog posts to help tackle some of the confusion surrounding the introduction of GDPR. In this post we look at some commonly used terms in the GDPR which deal with the different types of data and those that will be handling the data:

Personal Data – the GDPR has a broader definition of what constitutes personal data than the Data Protection Act 1998, by incorporating reference to personal identifiers such as name, identification numbers, IP address and location. Generally, it means any information or data which relates to a living individual who can be directly or indirectly identified by it.

Sensitive Personal Data – the GDPR has a broader definition of this term than is the case under the Data Protection Act, as it incorporates biometric and genetic data. It is also worth bearing in mind that under the GDPR it is no longer called sensitive personal data but is instead referred to as "special categories of personal data". Personal Data consisting of political opinions, religious or philosophical beliefs, racial or ethnic origin, trade union membership, genetic data, biometric data, data regarding health or data concerning a natural person's sex life or sexual orientation will all be classed as "special category" data under the GDPR.

Data Subject – the person to whom Personal Data relates. For example, an employee.

Data Controller – a "person" who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. This will typically be the business entity employing staff and determining the use of their Personal Data.

Data Processor – unlike the Data Protection Act, the GDPR introduces specific responsibilities directly on Data Processors. These are third parties that process data on behalf of the Data Controller, for example, IT service providers and payroll companies. There are also additional requirements introduced under the GDPR in relation to what must be contained in contracts with Data Processors.

Keep an eye on our blog for our next GDPR jargon-buster!

Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.
