FoM GDPR definitions
These definitions could be subject to updates.
Anonymisation
(The Data Protection Bill does not use the term 'anonymised'; see 'pseudonymised data' below. The Bill makes unauthorised re-identification a criminal offence.)
Anonymisation is the process of turning data into a form which does not identify individuals. Information is considered anonymised when it is insufficient to be able to identify an individual, even if it were used in combination with other publicly available data.
“Data anonymised in line with the ICO Anonymisation code of practice is not personal data. An example of this is when identifiers are held by another organisation with an agreement that specifies no re-identification. You should be aware that the action of ‘anonymisation’ counts as processing personal data. At the time of writing, the ICO is working to update the code to reflect GDPR requirements.”
Data controller
A controller determines the purposes and means of processing personal data. A controller is not relieved of its obligations where a processor is involved; the GDPR places further obligations on controllers to ensure that contracts with processors comply with the GDPR.
Data controller is defined as a 'corporate responsibility' under GDPR, i.e. responsibilities will not be placed on individual staff.
The organisation that acts as 'Data controller' should be named in data sharing agreements, contracts and data processing agreements.
Please see Controllers and personal data in health and care research on the NHS Health Research Authority website for research-specific examples of how data controllers can be established.
Data processor
Responsible for processing personal data on behalf of a controller. The GDPR places specific legal obligations on processors; for example, processors are required to maintain records of personal data and processing activities. Processors will have legal liability if they are responsible for a breach.
Data processor is defined as a 'corporate responsibility' under GDPR, i.e. responsibilities will not be placed on individual staff.
The organisation that acts as 'Data processor' should be named in data sharing agreements, contracts and data processing agreements.
Dataset
(The College refers to this as an 'Information asset'.)
A logical collection of data, which may consist of a single file/list or multiple files/lists (for example electronic or paper files, a database, etc.), that is processed for a particular or common purpose and is derived from the same origin.
Information Asset Administrator (IAA)
An Imperial College London employee who has been delegated responsibility for the identified dataset, as defined by the IAO. The IAA has a working knowledge of the dataset and/or information system and is able to support the IAO operationally.
Examples of delegated responsibilities:
- Adding / removing users who can access the dataset
- Registering the dataset
- Managing data contracts and sharing agreements
The IAA will typically be a 'Database Manager', 'System Manager', etc.
IAA can also be referred to as 'Data Manager', 'Information Asset Manager'
Information Asset Owner (IAO)
A member of staff who has overall responsibility and oversight for the identified information asset/dataset and for the manner in which personal and pseudonymised data are processed. The IAO is responsible for determining access requirements. The IAO may delegate roles to one or more Information Asset Administrators (IAAs), provided the IAA(s) have sufficient knowledge of the conditions of use of the identified dataset.
- The IAO will typically be the P.I.
- The IAO should be actively involved with the group that processes the data and be aware of the requirements associated with the dataset
- The IAO should be a permanent employee of the College. Known exception: a Trust employee with an honorary contract in the College.
Personal data
As defined in Article 4 of the General Data Protection Regulation: any information related to a natural person which can be used to identify them. Special measures of protection are required.
This definition allows a wide range of personal identifiers to constitute personal data, including:
- an identification number
- location data or an online identifier
- one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person
Pseudonymised data
(The UK Data Protection Bill refers to this as 'de-identified' data.)
Data amended in such a way that no individuals can be identified from those data (whether directly or indirectly) without a "key" that allows the data to be re-identified.
The purpose of pseudonymisation is to restrict or minimise the number of people who require access to the original identifiable data, while allowing researchers to work with data sets that are not directly identifiable.
The re-identification criteria below should be used to establish how easy it would be to re-identify data subjects; where re-identification is easy, the data may be considered personal data:
- Asset owner or asset users have access to the key for re-identification
- Data contains an identifier (e.g. NHS number)
- Data controller has deemed this data to be easily re-identifiable
- Processor is involved in treating data subjects
- Processor has recruited data subjects for study
- Processor has access to other data, inside or outside of an organisational unit, which could re-identify data subjects
- Processor will be linking external data such as geocoding or social media
- A technology or method is used which may accidentally re-identify data subjects
“Data that has been pseudonymised (with identifiers separated), where the dataset and identifiers are held by the same organisation, is still personal data.” Please see GDPR: What researchers need to know on the MRC website for more information.
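The following is an added illustration of the key-separation idea in the pseudonymised data definition, not code from the FoM page or from the College. It pseudonymises a constructed extract by replacing the direct identifier (an invented NHS number) with a keyed hash, keeps the re-identification "key" (the secret used for hashing and the pseudonym-to-identifier table) in a separate object, and reflects the MRC point that a holder of both the dataset and the key still holds personal data. The record layout, field names and the `classification` helper are assumptions for this example.

```python
"""Pseudonymisation with key separation (added example, not from the FoM page)."""
import hashlib
import hmac
import secrets

# Constructed sample extract: invented identifiers and research fields.
SAMPLE_RECORDS = [
    {"nhs_number": "TEST-NHS-0001", "age_band": "40-49", "hba1c": 6.1},
    {"nhs_number": "TEST-NHS-0002", "age_band": "50-59", "hba1c": 7.4},
    {"nhs_number": "TEST-NHS-0001", "age_band": "40-49", "hba1c": 6.3},
]

# Fields that directly identify a data subject and must not leave with the dataset.
DIRECT_IDENTIFIERS = {"nhs_number"}


def make_pseudonym(identifier: str, secret_key: bytes) -> str:
    """Keyed hash of the identifier.

    The same subject always receives the same pseudonym, so records remain
    linkable within the study, but without the secret key a pseudonym cannot be
    recomputed from a guessed identifier (a plain unkeyed hash of an NHS number
    would be trivially reversible by enumeration).
    """
    return hmac.new(secret_key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymise(records, secret_key: bytes):
    """Return (pseudonymised_records, key_table).

    pseudonymised_records carry no direct identifier. key_table maps
    pseudonym -> identifier and, together with secret_key, is the "key"
    the definition refers to; it should be held separately from the dataset.
    """
    key_table = {}
    output = []
    for rec in records:
        pseudonym = make_pseudonym(rec["nhs_number"], secret_key)
        key_table[pseudonym] = rec["nhs_number"]
        research_fields = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        output.append({"pseudonym": pseudonym, **research_fields})
    return output, key_table


def re_identify(pseudonymised_records, key_table):
    """Restore the direct identifier; only possible for a holder of the key table."""
    return [{**rec, "nhs_number": key_table[rec["pseudonym"]]} for rec in pseudonymised_records]


def contains_direct_identifier(records) -> bool:
    """Check an extract before release: True if any direct identifier is present."""
    return any(field in DIRECT_IDENTIFIERS for rec in records for field in rec)


def classification(holds_dataset: bool, holds_key: bool) -> str:
    """Assumed helper mirroring the MRC statement quoted above: an organisation
    holding both the pseudonymised dataset and the key still holds personal data."""
    if holds_dataset and holds_key:
        return "personal data (dataset and key held by the same organisation)"
    if holds_dataset:
        return "pseudonymised data (key held elsewhere)"
    return "no data held"


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # generated once, stored apart from the dataset
    pseudo, table = pseudonymise(SAMPLE_RECORDS, key)
    print("released extract:", pseudo)
    print("direct identifier present:", contains_direct_identifier(pseudo))
    print("research team holding only the extract:", classification(True, False))
    print("IAO team holding extract and key:", classification(True, True))
    print("re-identified by key holder:", re_identify(pseudo, table))
```

Running the script shows two records for the same subject sharing one pseudonym while the released extract carries no NHS number; re-identification succeeds only when the key table is supplied. Operationally, the secret key and the key table belong with the group the IAO designates, not with the researchers working on the extract.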
Special categories of data
(previously known as personal sensitive data)
Special Categories of Data as defined in Article 8 of the General Data Protection Regulation as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. This includes patient-identifiable data for research purposes.
Any person who has access to an information asset/dataset.