Policy
Data Protection Policy
The Data Protection Policy for the Gambling Commission.
Annex A
Glossary
Controller
The organisation (or individual) which, either alone or jointly with another organisation (or individual) decides why and how to process personal data. The Controller is responsible for compliance with the DPA and GDPR.
Data Processor
The organisation (or individual) which processes personal data on behalf of the controller.
Personal data
Any information relating to an identifiable living individual who can be identified from that data or from that data and other data. This includes not just being identified by name but also by any other identifier such as ID number, location data or online identifier, or being singled out by any factors specific to the physical, physiological, genetic, mental, cultural or social identity of the individual.
Processing
Anything that is done with personal data, including collection, storage, use, disclosure, and deletion.
Pseudonymisation
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Special category personal data
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning an individual’s sex life or sexual orientation.
Previous section8. Version history - Data Protection Policy
Last updated: 20 March 2025
Show updates to this content
No changes to show.