The following terms apply to the UK Data Protection Act.

Data controller

A person or organisation that stores data to be processed by a Data User.

Data subject

A person or organisation about which data is held.

Data user

A person or organisation that processes data (held by a Data controller) about a Data subject. Usually, but not always, the same entity as the Data controller.


Any information, stored for any purpose. This used only to apply to electronic information, thus leaving a huge gaping hole in the law, but the 1998 update to the Data Protection Act amended this.

Personal data

Any data that can be identified to any one person. A list of phone numbers is not in itself personal, but a list of phone numbers indexed to a list of names is.

Sensitive Data

Sensitive Data is defined as Personal data that pertains to at least one of the following:

The laws provide much stronger protection for sensitive data, compared to personal data.

Back to Computers, the Law and You