Definition of data subject not broad enough
pdehaye opened this issue · 5 comments
The definition of data subject seems to be too narrow. It is supposed to be an individual, identified or identifiable (etc). This could be for instance a resident outside of Europe whose data is processed by any entity upstream based in Europe (the controller or any data processor along the chain).
@pdehaye Good point. I was trying to avoid this being a repeat of the legal definitions in the GDPR. What do you think about simply replacing that line with: "An individual whose personal data is governed by the GDPR."
That seems much better, but there is an embedded potential problem in the definition in that it is relative (depends on the viewpoint) because of the "identifiable"
How about even less specific and punting more to the regulation: "A data subject as defined by the GDPR."
Sure.