A data subject is one of the three main actors under GDPR. It’s a person whose personal data can be collected. Personal data includes all data that can be used to directly or indirectly identify that person. Data subjects have various rights that they may exercise in respect of data controllers, including:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (also known as the right to be forgotten) (Art. 17)
  • Right to restrict processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)

Read more about data subjects: 4 steps to determine if your tech partner is GDPR-compliant.

