What does the term "data subject" refer to under GDPR?

The term "data subject" under the General Data Protection Regulation (GDPR) specifically refers to an individual whose personal data is being processed. This definition is fundamental to the regulation, as it establishes the individual’s rights regarding their personal information and outlines the obligations of organizations that handle such data.

By identifying the individual as the data subject, GDPR emphasizes the importance of protecting personal data and acknowledges that individuals have control over their information. This control includes rights such as access to their data, the right to rectify inaccuracies, and the right to request the deletion of their personal data under certain conditions.

The other choices relate to different aspects of data processing; they do not define a data subject. Organizations that process personal data or systems used for data storage play supportive roles in the overall ecosystem of data protection, but they do not represent the individuals whose information is at stake. Similarly, service providers for data management are entities that may assist in data processing, but they are not the focus of the GDPR's provisions concerning personal data rights. Understanding the specific role of the data subject is crucial for compliance with GDPR and for fostering responsible data handling practices.