Editor’s Note: Sometimes we come across articles we wished we had written ourselves. This series from Dan Chapman looks very promising. We will do our best to post all modules as Dan publishes them. Enjoy!
Module 1: Foundations
Lesson: Thinking Styles and What is a Data Subject?
Introduction
Now Introductions are out of the way let’s move on.
Before we can get into more detailed discussions of using Privacy and Data Protection concepts in the real world, I need to make sure we’re all on the same starting page. To do that there’s a little foundation work to do because without a solid foundation you won’t feel confident enough applying it or talking about it with executive management.
The first few articles will explore these basic principles and ensure we’re all aligned, then we can move on to the fun stuff. This article explores the way we need to think to get a handle on the new Privacy laws (I still count the GDPR as new) and what we mean by the term “Data Subject”.
What is a Data Subject?
You might be wondering why I need to explain this, the Data Subject is just the person that is identified by the Personal Data. Nice and easy some might say, job done, whole article written. What do you even need me for if it’s that straightforward?
But it’s not that straightforward, and I wouldn’t waste your time (or mine) by giving that type of pointless advice that didn’t add any value. There’s nothing wrong with that definition as such, it’s technically accurate as far as it goes. The issue with saying a Data Subject is a ‘person’ has more to do with how humans think than the words themselves. In the world of Privacy and Data Protection using that definition of a Data Subject creates a System 1 error that can be incredibly costly. We’ll explore what that means below.
Two Types of Thinking
Before we get to what a Data Subject is, I want to explain that System 1 error comment. To do that we’ll need to spend a moment talking about how humans think. You’ll see its importance more and more as we progress through these articles, it’s something I want you to keep coming back to in your mind. Operationalising Privacy and Data Protection in the real world often relies on recognising and managing tiny details and humans aren’t naturally good at that.
When we hear the word ‘person’ we have an unconscious bias about what that means, this mental image has been forged slowly over every day of our lives – we think about a physical human being, with a name, that we could touch. If I took you to a room telling you I was going to introduce you to a person of interest, that’s what you’d expect isn’t it? That’s the picture your mind immediately gives you, that there will be a group of ‘people’ and that I will take you to a specific one of them?
That mental image is natural, our brains are wired to do it, it’s partly why humans have done so well at surviving. It is, however, wrong. You fell into a trap caused by something that can be called System 1 when you should have been using System 2 thinking.
System 1 Thinking:..