What is a Data Subject?

The term data subject is used a lot in GDPR, but what does it mean? To help clarify what a data subject is, a definition of data subject has been given below:

Data Subject:

An individual who is the subject of personal data.

However to understand this definition, we also need to understand what personal data is:

Personal Data:

data which CAN BE USED to IDENTIFY a living individual

So combining these definitions, a data subject is a living person who can be identified by the data you hold. This data could be email addresses, telephone numbers, payment information, etc.

The definition of personal data includes data which would allow identification of a living individual, when combined with other commonly available information. For example an individual's address would be personal data, since while it may not identify them on it's own, it could easily be cross referenced with Electoral Register data to find the individual's name. 

In addition to these definitions, we also have data processors and controllers, which are defined as shown below:

Data Controller:

The person/organisation that decides how and why data is processed


Data Processor:

A Person/organisation that processes data on behalf of a controller

If you hold personal data, you will be either a Data Controller, and/or a Data Processor. Both controllers and processors have obligations under GDPR towards data subjects that they must fulfil. You should ensure that you are aware of your obligations under GDPR well before May 25th 2018, as the requirements for your organisation may be significant.