Data Subjects are the primary focus of data protection law. A data subject is a living individual for which an organisation might process personal data. It is important to recognise that a deceased person is not a data subject within data protection law, meaning there is no legal requirement to protect the data of a person who is no longer living (however always consider the ethical position here).
A company is not a data subject but a sole trader or a partnership is a data subject, so you should always be aware of this. This means that if your organisation is processing the data for a partnership or sole trader it needs to protect this data in the same manner as it would process the data of an individual.
What all of this means is that you have:
- A legal obligation under data protection law to protect the data of a living individual
- An ethical obligation to respect the data of a deceased individual; and
- A information security obligation to protect none personal or commercial information
When we begin to assess the risk related to processing data for data subjects we may treat certain data subjects differently, often based upon a perceived vulnerability. For example children’s data is highlighted in law as a child can be manipulated more easily than most adults.
Copyright: All information and articles provided represent the views of ProvePrivacy Limited and our contributors. They do not constitute legal or data protection advice. All rights reserved.
