What Is a GDPR Data Subject?

Written by: Lawrence Bonk

Updated January 6, 2023

If you are new to the fraught world of online privacy, you may wonder what a GDPR data subject is. Many of the best websites and online shopping platforms have adopted various practices that impact consumer privacy, which is where the GDPR and its suite of consumer protections come into play. So why do we need consumer privacy laws, what is a GDPR data subject, and how do these laws help average consumers? Keep reading to find out.


  • The General Data Protection Regulation, or GDPR, is a series of consumer privacy regulations for EU residents, providing them with fundamental rights and creating a supervisory authority for processing activities.
  • Under the rules of the GDPR, a data subject is a legal person or natural person, while personal data refers to information acquired by online entities.
  • Online identifiers within the GDPR refer to gender, sexual orientation, ethnicity, health data, and more.

Why Do We Need Consumer Privacy Laws?

This one is a no-brainer, even before learning all about the GDPR DPA. Companies regularly sell our private data to data brokers at a profit, giving the GDPR a legal basis for processing, among other entities. Without consumer protection laws, we would have little or no legal recourse against such nefarious activities. This is why privacy laws have popped up in various states like California, Virginia, and Colorado.

Insider Tip

You can request that companies delete any private data, and they have a set number of days to reply or comply.

What is the GDPR?

The General Data Protection Regulation, or GDPR DPA, is a comprehensive suite of consumer privacy laws developed for residents of the European Union (EU). These rulings pertain to any information about natural persons within the region, so this law does not protect anonymous accounts. Just like California’s CCPA law, this ruling allows consumers to request that companies refrain from selling personal data and allows them to issue deletion requests. There is no GDPR for the entire US market, though certain states have their own versions.

What is a GDPR Data Subject?

That leads us to the topic of data subjects within the European Union’s GDPR regulations. Simply put, a data subject is just a person. So when you read or hear the term GDPR data subject, it is referring to a consumer in the EU. While a data subject refers to a consumer, “personal data” refers to any information related to that data subject. This includes names, ID numbers, location data, financial information, biometric data, and various online identifiers.

STAT: GDPR defines “data subjects” as “identified or identifiable natural person[s].” In other words, data subjects are just people—human beings from whom or about whom you collect information in connection with your business and its operations. (source)

What are Online Identifiers?

In this context, online identifiers refer to social identity, cultural identity, ethnic identity, physiological identity, and much more. Companies can sell this information right along with personal data, which leads to an increase in spam emails, targeted marketing ads while surfing online, and even spam phone calls.

GDPR Data Subjects FAQs

What is a natural person according to the GDPR?

A natural person or legal person within the GDPR is a single person existing within the EU. Companies have a legal obligation to natural persons when it comes to personal data processing.

What is GDPR personal data?

Personal data of a legal person within the GDPR refers to privacy rights regarding email addresses, online identifiers, and more. These protection principles protect each of the aforementioned data points.

Is your company a data controller?

A company is considered a data controller if it collects data from natural persons and legal persons for the purpose of processing activities. This opens up the company to a supervisory authority and public authorities.