← Glossary·Privacy

Data Subject

GDPR

The identified or identifiable natural person to whom personal data relates (GDPR Art. 4(1)).

A data subject is the natural person to whom personal data relates. Under GDPR, only natural persons (not legal entities) are data subjects. The CCPA equivalent is the ‘consumer’.

Why it matters
Data subjects have enumerated rights (access, rectification, erasure, portability, restriction, objection). Failing to honour them within deadlines (1 month GDPR, 45 days CCPA) triggers regulator complaints.

Related terms

Data Subject Rights (DSAR)
Rights granted to individuals over their personal data — access, rectification, erasure, portability, restriction, objection.
Personal Data (GDPR)
Any information relating to an identified or identifiable natural person (data subject) — Art. 4(1).
Data Controller
The entity that determines the purposes and means of personal data processing (GDPR Art. 4(7)).

Does your program actually cover Data Subject?

Run a free ComplianceIQ audit against GDPR and we'll surface every gap on this — and the other controls auditors flag — with the exact clause references to fix.

Free GDPR auditBack to glossary