According to the GDPR, data subject is a particular person (natural person) whose personal data is processed by either an administrator or a processor. In the GDPR concept, the data subject is a citizen, a resident of the European Union whose rights are protected by the regulation.
Data subjects are therefore all living citizens of the European Union, regardless of who stores or processes their personal data. The person who holds the personal data of the data subjects is called data controller. The administrator can be anyone - any person, company or organization from all over the world, not only from the EU.
What rights do people have as data subjects?
According to the regulation, people have a number of rights that they can claim on administrators, such as their former employers or companies. These rights are:
- the right to be informed about the processing of their personal data, including the purpose of the processing, the identity of the controller, the processor, if any, and the recipients of personal data, if any (for a complete list of information provided by the administrator, see Articles 13 and 14 of the GDPR Regulation)
- the right to access their personal data
- the right to correct or supplement their personal information
- the right to erase their personal information
- the right to limit their personal data processing
- the right to the portability of their data
- the right to object
- the right not to be subject to automated decision-making
People can claim their rights free of charge. An exception is only the situation where the applications (claims) are manifestly unreasonable or disproportionate.