What is Data Subject?
A data subject is an identified or identifiable natural person whose personal data is being collected, held, or processed by an organization.
A data subject, as defined under the GDPR, is any identified or identifiable natural person whose personal data is processed by a data controller or data processor. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or factors specific to the person's physical, physiological, genetic, mental, economic, cultural, or social identity.
Data subjects are the individuals who are granted rights under data protection laws, including the right of access, rectification, erasure, restriction, portability, and objection. The concept exists in different forms across regulations: the CCPA refers to "consumers," the DPDPA uses "Data Principals," and POPIA covers both natural and juristic persons. Understanding who constitutes a data subject is critical for determining the scope of an organization's privacy obligations.
IQWorks helps organizations manage their obligations to data subjects through SearchIQ for fulfilling individual rights requests, DiscoverIQ for maintaining awareness of all data subjects whose data is processed, and ConsentIQ for managing data subject consent preferences across all processing activities.
Relevant Regulations
How IQWorks Helps
Related Terms
Data Subject Rights (DSR)
Data Subject Rights are the legal rights granted to individuals under data protection laws, enabling them to control how their personal data is collected, used, stored, and shared by organizations.
Data Principal / Data Subject
A Data Principal (under India's DPDPA) or Data Subject (under the GDPR) is the individual whose personal data is being collected, processed, or stored by an organization.
Data Subject Access Request (DSAR)
A Data Subject Access Request is a formal request made by an individual to an organization to obtain confirmation of whether their personal data is being processed and, if so, to receive a copy of that data along with details about how it is used.