IN THIS CHAPTER

Spelling out the eight data subject rights

Understanding Data Subject Access Requests (DSARs)

Honoring a data subject’s right to be forgotten

Dealing with the consequences of not responding to data subject rights

A data subject is an individual whose personal data is collected, held, or processed. When you, as an individual, provide your data (for example, your name, email address, and phone number) to an organization, you are the subject of the data — that is, the data subject. Personal data is defined in the GDPR as “any information relating to an identified or identifiable natural person,” including information that may be referenced via particular identifiers such as a name, location data, or via factors relating to physical, genetic, or social identity of that natural person. Chapter 3 spells out what is and is not personal data. A natural person is an individual human being, as opposed to a legal person such as an organization.

A key part of the GDPR, you likely won’t be surprised to know, is to provide for certain rights for ...