What Is a Data Subject?
What is Personal Data and Data Subject Under GDPR?
So, what’s a Data Subject? That’s you, the consumer. You are considered a Data Subject and the information about you is called Personal Data. In order to help you understand the steps for GDPR Compliance, we at Accountable layout everything you need to know about what you are as a Data Subject and what is defined as Personal Data.
GDPR specifically defines “personal data” as any information that relates to a natural person, which is someone who can be directly or indirectly identified. This includes:
- Name
- Identification number
- Location data
- Physical address (personal or office)
- Email address (personal or work related)
- IP address
- Radio frequency identification tag
- Photograph
- Video
- Voice recording
- Biometric data (eye retina, fingerprint, etc.)
- An online identifier of one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.
GDPR has five definitions proposed for “data subjects,” varying from any personal data physically located in the EU to citizens of the EU.
- Located in the EU
- Resident of the EU
- Citizen of the EU
- An EU Resident/Citizen Located Anywhere
- Personal Data in the EU
Located in the EU:
A data subject is anyone physically within the borders of the EU whose data is being processed. For example, a citizen of the EU, who is physically located in the EU, who provides personal information through the purchase of a product.
Resident of the EU
A data subject is anyone who formally resides within the EU, regardless of citizenship. Simply, the individual is physically within the EU. For example, a non-EU citizen who is studying abroad in the EU.
Citizen of the EU
A data subject who has formal citizenship in the EU while that individual is physically within the EU.
An EU Resident/Citizen Located Anywhere
A data subject is anyone who has residency/citizenship in the EU whose data is being processed, regardless of where the resident/citizen is physically located at the time of processing. For example, a data subject could be an EU citizen, who is located in the U.S. and who provides personal information during the purchase of a product.
Personal Data in the EU
A data subject is anyone whose personal data is located in the EU, regardless of the residence, citizenship, or physical location of the data subject. For example, a non-EU citizen, who may or may not be located in the EU, but does provide personal information through the purchase of a product.
For information on GDPR, Check out our article “The General Data Protection Regulation (GDPR)”.