GDPR: Who Is A Data Subject

Navigating Stormy Social Media Discovery
Safely Navigating the Stormy Seas of Social Media Discovery
August 23, 2018
SF Court Rejects ESI Discovery Sanctions
SF Court Rejects eDiscovery Sanctions, Provides Guidance on Defensible Preservation
August 30, 2018

GDPR: Who Is A Data Subject

GDPR: Who is a Data Subject
This post is the fourth of a series of short blog posts about GDPR. Click here to go to the first blog post

One of the most surprising things about the GDPR is its failure to specifically define who is a “data subject.”

Despite the centrality of this concept to the GDPR, the only meaningful definition of data subjecti is embedded in the broader delineation of Personal Data in Article 4.

'[P]ersonal data’ means any information relating to an identified or identifiable natural person (‘data subject’)

Parsing that language, the data subject is not necessarily the data custodian.  It is the natural person about whom the data speaks.  As we explained in a previous post, the data subject in the GDPR is only a natural, not legal, person.  

This distinction can cause some confusion for eDiscovery practitioners who are used to data ownership by custodians.  In that case, rights and responsibilities for data are based on who owns, maintains, or has data.  The GDPR flips that on its head.  The data subject—the identified or identifiable natural person about whom the data exists—has most of the rights related to the data itself. By way of example, a CRM database may have one custodian at an organization who would own or manage the system.  The CRM itself would in turn have myriad data subjects—any identified or identifiable natural person listed in the database. This concept—that the rights to data belong to the person about whom the data exists rather than the owner of the data—will be central to several of our upcoming topics on the GDPR.

Jonathan Swerdloff
Jonathan Swerdloff
Jonathan Swerdloff is Director of Global Client Services and eDiscovery at Scott+Scott Attorneys at Law LLP. Prior to this role, he was an expert Consultant at Driven, Inc. Learn more about Driven's Consulting Services