Which type of data subject is NOT covered by the GDPR?

The General Data Protection Regulation (GDPR) provides protections for the personal data of living individuals and does not extend its coverage to deceased individuals. This distinction is important because the regulation is designed to protect the rights and freedoms of individuals while they are alive, particularly in relation to the processing of their personal data.

In the context of GDPR, personal data refers to any information that relates to an identified or identifiable natural person. Once a person has passed away, the considerations around their personal data change, as they no longer possess personal rights or the ability to consent. While some countries may have specific regulations concerning the handling of personal data of deceased individuals, such provisions fall outside the scope of the GDPR itself.

On the other hand, newborn children, persons under 18, and persons over 65 are all considered data subjects under GDPR. The regulation includes specific provisions to protect the data of minors, recognizing that individuals below a certain age (usually 16, though this can vary by member state) require additional safeguards. The protections for personal data are applicable to all living individuals, regardless of age, ensuring their privacy and security in the digital environment.