A data subject is one of the three main actors under GDPR . It’s a person whose personal data can be collected. Personal data includes all data that can be used to directly or indirectly identify that person. Data subjects have various rights that they may exercise in respect of Data controller s, including:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (also known as the right to be forgotten) (Art. 17)
  • Right to restrict processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)

Read more about the data subjects – 4 steps to determine if your tech partner is GDPR-compliant.


  • What is protected health information (PHI)? A guide for healthcare marketers

    Quick summary What PHI is: Any individually identifiable health information created, received, maintained, or transmitted by a covered entity or its business associates Who it applies to: Healthcare providers, health plans, healthcare clearinghouses, and their business associates Why it matters for marketing: Marketing tools that collect or transmit PHI without a BAA create HIPAA compliance…

  • We checked 59 hospital websites. 73% kept tracking visitors after opt-out.

    A new study by Piwik PRO and Verified Data scanned 59 major US hospital and clinic websites for tracking and data compliance. The findings show just how common it is for major US healthcare websites to run marketing tools that weren’t built for a regulated environment. What we actually found Across the 59 scanned sites,…