GDPR: Who Is A Data Subject

Navigating Stormy Social Media Discovery
Safely Navigating the Stormy Seas of Social Media Discovery
August 23, 2018
SF Court Rejects ESI Discovery Sanctions
SF Court Rejects eDiscovery Sanctions, Provides Guidance on Defensible Preservation
August 30, 2018

GDPR: Who Is A Data Subject

GDPR: Who is a Data Subject
This post is the fourth of a series of short blog posts about GDPR. Click here to go to the first blog post

One of the most surprising things about the GDPR is its failure to specifically define who is a “data subject.”

Despite the centrality of this concept to the GDPR, the only meaningful definition of data subjecti is embedded in the broader delineation of Personal Data in Article 4.

'[P]ersonal data’ means any information relating to an identified or identifiable natural person (‘data subject’)

Parsing that language, the data subject is not necessarily the data custodian.  It is the natural person about whom the data speaks.  As we explained in a previous post, the data subject in the GDPR is only a natural, not legal, person.  

This distinction can cause some confusion for eDiscovery practitioners who are used to data ownership by custodians.  In that case, rights and responsibilities for data are based on who owns, maintains, or has data.  The GDPR flips that on its head.  The data subject—the identified or identifiable natural person about whom the data exists—has most of the rights related to the data itself. By way of example, a CRM database may have one custodian at an organization who would own or manage the system.  The CRM itself would in turn have myriad data subjects—any identified or identifiable natural person listed in the database. This concept—that the rights to data belong to the person about whom the data exists rather than the owner of the data—will be central to several of our upcoming topics on the GDPR.

Jonathan Swerdloff
Jonathan Swerdloff
Jonathan Swerdloff is a Consultant at Driven, Inc. Prior to joining Driven, Jonathan was a litigation associate at Hughes, Hubbard & Reed LLP, accumulating more than 10 years experience in eDiscovery that included managing large discovery projects, analysis of enterprise systems, and investigations into nontraditional data sources. Through his experience as a litigator and programmer, Jonathan focused primarily on creative problem solving with regard to all data types. He analyzed and produced complex enterprise systems and developed internal workflows for large litigations. He deployed Information Governance strategies, has extensive experience with structured data collection, analysis, and production, and has served as an expert witness. His experience also includes developing cost-saving legal processes, managing legal budgets, and supervising legal personnel. Jonathan is admitted to the bars of New York and Connecticut. He holds a J.D. from the Cardozo School of Law and an MPS from NYU’s Tisch School of the Arts Interactive Telecommunications Program, where he studied rapid prototyping and software development. Jonathan is also an adjunct professor at the Parsons School of Design, teaching a Masters-level course in regulatory and ethics contexts for product designers. Jonathan previously served as the Director of Legal Strategy at the Corporate Knowledge Strategies Forum