[corpospec]
Privacy pillar · v0.16.0

gdpr-dpia GdprDpia

DPIA record.

$id · https://corpospec.com/schemas/v0.16.0/gdpr-dpia.schema.json

View raw JSON → ← all schemas

Fields

Field Type Required Description
art36_required boolean yes Whether Art. 36 prior consultation was required.
created_at IsoDate yes ISO 8601 date (YYYY-MM-DD).
entity PathRef yes Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
id PathRef yes Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
identified_risks IdentifiedRisk[] yes Risks to data subjects (Art. 35(7)(c)).
last_reviewed IsoDate yes ISO 8601 date (YYYY-MM-DD).
necessity_proportionality string yes Necessity + proportionality assessment (Art. 35(7)(b)).
next_review_due IsoDate yes ISO 8601 date (YYYY-MM-DD).
processing_description string yes Systematic description of processing (Art. 35(7)(a)).
processing_record PathRef yes PathRef into the underlying processing record (Art. 30).
status DpiaStatus yes DPIA lifecycle.
triggers DpiaTrigger[] yes
authority_response_date IsoDate?
authority_response_ref PathRef? Supervisory authority response (if Art. 36 invoked).
dpo_signoff PathRef? DPO sign-off (PathRef into DPO record).
dpo_signoff_date IsoDate?
stakeholder_consultation string? Stakeholder consultation outcome (data subjects, DPO, third parties).

Definitions

Shared types referenced within this schema.

DpiaStatus
DPIA lifecycle.
DpiaTrigger
DPIA trigger (EDPB 9-criteria + custom).
IdentifiedRisk
One identified risk + mitigations.
type: object
IsoDate
ISO 8601 date (YYYY-MM-DD).
type: string
PathRef
Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
pattern: ^[a-z0-9_-]+(/[a-z0-9_.-]+)+$
RiskSeverity
Risk severity.
enum: "negligible", "low", "medium", "high", "very_high"

Reference in your YAML

# yaml-language-server: $schema=https://corpospec.com/schemas/v0.16.0/gdpr-dpia.schema.json