While the term ‘data subject’ may sound weird, its meaning is actually very simple. A data subject is any person whose personal data is being collected, held or processed. As you will see a bit later, personal data can refer to anything from your name, home address or your posts on social media. As a result, anyone becomes at some point a data subject – whether they are applying for a job, booking a flight, using their credit card or just browsing the internet, they disclose some personal data.
The EU GDPR proposes a set of rules that are meant to help data subjects and enforce their rights against abusive personal data processing. First of all, in order for their personal data to be processed, data subjects must give their consent. The subject of consent is a very sensitive one under the GDPR, as we will see later on. For now, we will say that unless your personal data is required under legal obligations, your consent is required for data processing.
Another right you should be aware of as a data subject is the right to access data about you. You can inquire whether or not your data is being processed and you also have the right to receive a copy of that data in an intelligible form. Automated decisions, or profiling are also restricted within the GDPR. As a result, a data subject has the right to not be evaluated on the basis of automated processing. Other important rights include the right to restrict processing, the right to data portability, the right to be forgotten, the right to rectification and more. To read more about these rights, check our article of EU citizens’ rights.