My point is that the question of "ownership" is debatable, i.e., neither the subject nor the controller can be said to own it, and that the GDPR tries precisely to avoid that issue by giving data subjects more say in what can be done with data
about them.
The GDPR, while using phrases such as "own data", makes no specific reference to ownership, but rather, as you say, to "control" ("Natural persons should have control of their own personal data"). This is why I'd hesitate to use "control" here also; it might suggest that the "subject" has less control than the "controller".
Maybe the drafter meant to say "posesión", yet instead they opted for "titularidad", which is simply wrong, legally speaking, but it is what it is. I can't see any other option but ownership.
In data management, "data owner" is a term organizations use to describe what we would refer to in the specific case of personal data as the "data controller", presumably because they have traditionally viewed customer databases and mailing lists as just another area of their proprietary data. Perhaps this led to the drafter's confusion here.
http://www.businessdictionary.com/definition/data-owner.html