Data Subject: Definition, Meaning, and Applicability

Data Subject Definition

A data subject is a term in privacy law that refers to individuals that can be identified using specific data such as location details, national ID numbers, ethnicity, race, purchase history, credit card information, IP addresses, and more. Data subjects refer to collecting and processing personally identifiable information — where entries in large data sets can be tied back to specific individuals.

How is a Data Subject Defined Under GDPR?

GDPR article 4 defines data subjects in a similar manner, saying that a data subject is an identifiable natural person — someone who can be traced back via specific data points. It's also important to note that the term 'data subject' was first introduced under GDPR, and has since been adopted by other privacy laws such as CCPA and PIPEDA.

Read more in our guide to GDPR, where we discuss the law and its applicability for businesses and individuals.

What Rights do Data Subjects Have?

Under the GDPR, data subjects have the right to know that their personal data is being collected, processed, or stored. That's why it's so important to display a GDPR-compliant privacy policy on your website, clearly defining how you store or process personally identifiable information such as IP addresses and cookies.

Failing to display a privacy policy is considered a GDPR violation and may result in fines. 

Another right of data subjects under GDPR is the 'Right to be Forgotten'. Known as GDPR article 17, the right to be forgotten allows individuals to request organizations for a copy of the data stored by them as well as the right to request that the data be deleted. In California, this is known as 'Data Subject Access Requests'.