GDPR Article 4 defines data subjects as “an identified or identifiable natural person.”
By this definition, data subjects are just people. In this context, people about whom your organization collects and processes data, and who have specific data rights and protections.
But what qualifies someone as a data subject under the GDPR?
That part is a little tricky. Several different qualifiers appear throughout the GDPR text—ranging from being an EU citizen to having personal data physically located in the EU.
Here’s a more detailed review of how data subjects are qualified, including recommendations for how to shore up your compliance stance.