Under Regulation (EU) 2016/679 on the protection of personal data (GDPR), the ‘data subject’ is defined in Art. 4(1) as any identified or identifiable natural person. A person is considered identifiable when he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
This definition is broad and covers, in practice, all natural persons whose data are processed by controllers or processors (e.g. IT service providers, marketing, HR, call-centre or maintenance providers). In the day-to-day activity of these providers, data subjects may include, but are not limited to: customers, potential customers, employees of the beneficiary of the services, collaborators, and other persons who interact with the services provided.
According to Art. 4(2) GDPR, the “processing” of personal data includes any operation performed on the data, such as collection, recording, storage, use, transmission or deletion. In this context, service providers frequently rely on one of the legal bases set out in Art. 6 GDPR, such as the performance of a contract, a legal obligation or a legitimate interest.
Examples of commonly processed personal data
In the normal activity of service providers, the following categories of personal data may be processed:
- Identification data: name, surname, ID card series and number;
- Contact details: e-mail address, telephone number, postal address;
- Contractual data: information on the contractual relationship (purchased services, transaction history, invoices);
- Professional data: position, employer, department (in B2B relationships);
- Financial data: bank account, payment information (to the extent necessary);
- Technical data: IP address, online identifiers, access logs (in the case of digital services);
- Location data: when the service involves such functionalities (e.g. mobile applications, GPS).
It is important to note that the processing of these data must comply with the principles set out in Art. 5 GDPR, such as lawfulness, fairness, transparency, data minimisation and storage limitation. Service providers must also implement appropriate technical and organisational measures to protect the data, in accordance with Art. 32 GDPR.
In conclusion, the notion of “data subject” is the foundation of the entire protection mechanism established by the GDPR. Service providers must treat with maximum responsibility any data that may lead, directly or indirectly, to the identification of a natural person, and must ensure compliance with the applicable legal requirements.
*This material is informative and reflects a general interpretation of the aspects analysed, without constituting legal advice applicable to specific situations.