, we talked about few key requirements of the GDPR. We explored the terms
, controller, processor, personal data, legitimate interests, consent, and
I personally got confused and amused by a term ‘Data Subject’ used in the regulation. Data Subject is an EU resident whose personal information is being collected or processed. I personally did not like this term as it is very impersonal. It is expected by the regulation that the language used in the ‘privacy notice’, ‘consent forms’ and many other instruments for communicating with the EU citizens should be very simple and easy to understand. I felt the language used by the regulation should have been simple and easy to understand for the people for whom it is meant and for the organizations which plan to comply. After all regulatory laws are meant to be like that. So, Data Subject is an entity, which is a living person in EU.