Lexicon > Person concerned

IT Glossary

Person concerned

A data subject within the meaning of the GDPR is any identified or identifiable natural person whose personal data are processed.

Identified” means a natural person whose identity is clearly known, and “identifiable” means a natural person who can reasonably be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Data subjects within the meaning of the GDPR do not include persons who are not or no longer identifiable, legal persons or deceased natural persons.

However, even if they deserve specific protection with regard to their personal data because they may be less aware of the risks, consequences and safeguards involved and their rights related to the processing of personal data, children can also be considered as data subjects within the meaning of the RGPD.

The RGPD puts the data subject at the center of its philosophy and thus intends to limit the risks to his or her rights and freedoms as a result of processing of personal data concerning her, in particular the right to the protection of personal data, ensuring a consistent and high level of their protection within the European Union.

In this respect, the data subject has, in principle, a certain number of rights regarding the data concerning him/her that he/she can exercise with the person responsible for processing them, and in particular :

RGPD Point

“For the purposes of this Regulation, the following definitions apply: “personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an “identifiable natural person” is deemed to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.”

Article 4.1 of the GDPR

Point of jurisprudence

The Court of Justice of the European Union has ruled that a camera-based video surveillance system “must be qualified as automated personal data processing, (…), when the system set up makes it possible to record and store personal data such as images that make it possible to identify natural persons.

Court of Justice of the European Union, December 11, 2014, N°C-212/13

The Bouchara firm assists you in particular in :

  • Making your organization RGPD compliant;
  • The drafting of data protection policies (privacy policy, computer charter …);
  • Documentation of your processing (register of processing activities, register of violations, privacy impact analysis, prior consultation…);
  • Obtaining certifications and adhering to codes of conduct;
  • The study of the legal feasibility of the implementation of a new personal data processing;
  • The drafting and transmission of your codes of conduct to the CNIL for approval;
  • Legal analysis of the compliance of your data processing, including data transfers outside the European Economic Area;
  • Drafting and negotiating your data processing agreements (DPA);
  • Drafting your Binding Corporate Rules (BCR) and Codes of Conduct;
  • Training and awareness of your employees.

We are also the external Data Protection Officer of many data processors and subcontractors.