GDPR relies on several defined terms: data subject, personal data, data controller and data processor. To clarify what these terms mean, we have given definitions below.
DATA SUBJECT: AN INDIVIDUAL WHO IS THE SUBJECT OF PERSONAL DATA.
To understand this definition, we also need to understand what personal data is:
PERSONAL DATA: DATA WHICH CAN BE USED TO IDENTIFY A LIVING INDIVIDUAL.
So combining these definitions, a data subject is a living person who can be identified by the data you hold. This data could be email addresses, telephone numbers, payment information, etc.
The definition of personal data includes data which would allow identification of a living individual when combined with other commonly available information. For example, an individual's address would be personal data: while it may not identify them on its own, it could easily be cross-referenced with Electoral Register data to find the individual's name.
In addition to these definitions, we also have data processors and controllers, which are defined as shown below:
DATA CONTROLLER: THE PERSON/ORGANISATION THAT DECIDES HOW AND WHY DATA IS PROCESSED.
DATA PROCESSOR: A PERSON/ORGANISATION THAT PROCESSES DATA ON BEHALF OF A CONTROLLER.
If you hold personal data, you will be a Data Controller and/or a Data Processor. Both controllers and processors have obligations under GDPR towards data subjects that they must fulfil. You should ensure that you are aware of your obligations under GDPR well before May 25th 2018, as the requirements for your organisation may be significant.