PruAdviser on-line services will be unavailable from 16:00 on Saturday 11 December until 12:30 on Sunday 12 December for website maintenance.
Currently we are not able to show some detailed information for Retirement Account performance for clients. This will be restored on 13 December 2021. We're sorry for any inconvenience this causes.

GDPR Glossary

Author Image Nick Hunt Technical Manager, Specialist Business Support
2 minutes read
Last updated on 23rd May 2018


Do you know the difference between data controllers and data processors? Do you know why a Data Protection Officer has a unique role within a firm?


This is the person or persons who decides what happens to personal data - how it’s stored, processed, where it goes and doesn’t go. They may need to demonstrate to the ICO how personal data is managed and that they are complying with GDPR. Sometimes the firm could delegate this to a Data Protection Officer (DPO), but it’s still the controller’s ultimate responsibility. Remember that GDPR extends to any data processor across the globe, if it has access to data from EEA citizens.

Data Protection Officer (DPO)

It’s the DPOs responsibility to lead the way. They will monitor the use of data, ensure that appropriate controls are in place, provide support and arrange training, provide guidance to senior management and lay down the law! Most importantly there should be no barriers that may hinder them from performing their role. Preferably they should not be a decision maker for the business, as this may create a conflict of interest.

Data processor

Any individual or organisation which uses, handles or has access to this data. When a data processor makes a decision which affects how the data is used, they become a controller and are responsible themselves for meeting the GDPR. In some cases there are more than one controller.

Data subject

This is a person identified from the data they have freely supplied.

Personal data

Any information relating to an identifiable person (the data subject) either directly or indirectly:

  • Name

  • Address

  • National insurance number

  • Email address

  • Location data

  • Online identifier

  • Specific factors which relate to a person, such as physical, psychological, genetic, mental, economic, cultural or social identifiers of a person.

Sensitive personal data

Information of a more sensitive nature affords the highest standards of protection e.g. health information, genetics, economic, social, sexual orientation etc.

Labelled Under:
Government Regulation GDPR

"Prudential" is a trading name of Prudential Distribution Limited. Prudential Distribution Limited is registered in Scotland. Registered Office at Craigforth, Stirling FK9 4UE. Registered number SC212640. Authorised and regulated by the Financial Conduct Authority. Prudential Distribution Limited is part of the same corporate group as the Prudential Assurance Company. The Prudential Assurance Company and Prudential Distribution Limited are direct/indirect subsidiaries of M&G plc, a company incorporated in the United Kingdom. These companies are not affiliated in any manner with Prudential Financial, Inc, a company whose principal place of business is in the United States of America or Prudential plc, an international group incorporated in the United Kingdom.