Definition
In data protection law, a **data subject (DS)** is an identified or identifiable natural person to whom personal data relate, typically defined via the notion of personal data in instruments such as the GDPR. In IAM/IGA contexts, the term is used for the individual whose identity and attributes are represented and processed in the system. In midPoint specifically, a data subject usually corresponds to a **User** object (UserType) whose personal data the system manages, though other object types (e.g. FocusType subclasses) may also hold personal data depending on configuration.
- Standards & regulations
-
- Regulation (EU) 2016/679 (GDPR) «‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly.»
- Sources
-
- GDPR — Regulation (EU) 2016/679 (EUR-Lex) primary source
Related terms
-
Attribute (Attr)
In identity and access management, an **attribute** is a characteristic or property of an entity (such as an account, pr …
-
Identity Governance (IG)
Discipline of policies, processes, and oversight ensuring identities have appropriate access — no more, no less — throug …
-
Identity Governance and Administration (IGA)
Gartner-defined category combining identity governance (policies, access reviews, compliance) with administration (provi …
-
Singpass (Singapore National Digital Identity) (Singpass)
Singapore's national digital identity platform operated by GovTech, used by citizens and residents for access to 2,000+ …
-
AAL (AAL)
NIST SP 800-63B Authenticator Assurance Level — measures the robustness of the authentication process. AAL1: single-fact …
-
Access Certification (AC)
Periodic review process where designated reviewers (managers, role owners, application owners) attest that users still n …