Skip to main content Accessibility information

Glossary of Data Protection Terms

Data Controller

The organisation, i.e. the University, responsible for ensuring the Data Protection Act is complied with. The representative being the Data Protection Officer, who can be contacted at  

Data subject

A living person who is the subject of the information, and can be identified from it.

Personal data

Relates to individuals who can be identified from the data. Personal data includes contact details, date of birth, qualifications, or anything pertaining to an individual. It is something that affects that person’s privacy (whether in their personal / family life, or business / professional capacity) in the sense that the information has the person as its focus or is otherwise biographical in nature, and identifies that person – by itself or with other information.

Processing of data

This means any of the following: to obtain, record or hold, carry out operations on it, organise, adapt, alter it, retrieve it, disclose it, erase or destroy it. Relevant filing system, any paper or manual filing system which is structured in a way so that information about an individual is accessible. Sensitive data includes information about the persons racial or ethnic origin, political opinions, religious beliefs, membership of a trade union, physical or mental health or condition, sexual life, commission or alleged commission of an offence, proceedings of any offence or alleged offence or sentence of court.

Subject access request

Under the Data Protection Act, individuals can request to see the information about themselves that is held on computer and paper records. To exercise this subject right, the individual should write to the person or organisation they believe to be processing this information. All enquiries to the University of St Mark & St John should be addressed to the Data Protection and Freedom of Information Officer.

Third party

Any individual or organisation other than the data subject or the University.