Privacy pillar · v0.16.0
gdpr-subject-request GdprSubjectRequest
Subject request record.
$id · https://corpospec.com/schemas/v0.16.0/gdpr-subject-request.schema.json
Fields
| Field | Type | Required | Description |
|---|---|---|---|
| deadline | IsoDate | yes | Statutory deadline (received_at + 1 month, or +3 months if extended). |
| entity | PathRef | yes | Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$` |
| extended | boolean | yes | Whether the deadline was extended under Art. 12(3). |
| id | PathRef | yes | Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$` |
| kind | SubjectRequestKind | yes | Request type per GDPR article. |
| pii_class | PiiClass | yes | Personal-data classification on every record carrying personal data, per BDR 0070 / BDR 0069 / BDR 0078. Used by `corpospec-report` to gate rendering and by the privacy pillar's RoPA records to determine safeguards. |
| received_at | IsoDate | yes | Date the request was received. |
| retention_until | IsoDate | yes | Retention: 3 years after closure (BGB §195) — narrow because the record itself contains PII pseudonyms. |
| status | SubjectRequestStatus | yes | Lifecycle. |
| subject_pseudonym | string | yes | Pseudonymised subject reference (e.g. hash of email; never the email itself in this record). |
| identity_verified_at | IsoDate? | — | Date identity was verified. |
| outcome | RequestOutcome? | — | Outcome (None until the request is closed). |
| request_ref | PathRef? | — | PathRef to the request-text artefact (email, form submission). |
| scoped_processing_records | PathRef[] | — | PathRefs to processing records the request scans. |
| subject_ref | PathRef? | — | Optional PathRef into the canonical subject record (people/, or customer-of-tenant ledger). Only present when the subject is an internal known person. |
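The field constraints in the table above can be checked mechanically before a record is committed. The following Python is an added example, not part of corpospec: `check_record`, `add_months` and the sample values are hypothetical, month-end clamping of the deadline is an assumption, and rejecting dot segments in a PathRef goes beyond the schema pattern, which admits them.

```python
import calendar
import re
from datetime import date, datetime

# PathRef pattern copied from the schema; fullmatch() also rejects a trailing newline.
PATHREF = re.compile(r"^[a-z0-9_-]+(/[a-z0-9_.-]+)+$")
REQUIRED = ("deadline", "entity", "extended", "id", "kind", "pii_class",
            "received_at", "retention_until", "status", "subject_pseudonym")
REF_FIELDS = ("entity", "id", "request_ref", "subject_ref", "scoped_processing_records")
DATE_FIELDS = ("deadline", "received_at", "retention_until", "identity_verified_at")

def add_months(d, months):
    """Calendar-month addition, clamped to the last day of a shorter month (assumption)."""
    years, month0 = divmod(d.month - 1 + months, 12)
    year, month = d.year + years, month0 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def check_record(rec):
    """Return a list of problems found in one gdpr-subject-request record (a dict)."""
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in rec]
    for field in REF_FIELDS:
        value = [] if rec.get(field) is None else rec[field]
        for ref in value if isinstance(value, list) else [value]:
            if not isinstance(ref, str) or not PATHREF.fullmatch(ref):
                problems.append(f"{field}: not a PathRef: {ref!r}")
            elif any(seg in (".", "..") for seg in ref.split("/")):
                # Added hardening, not a schema rule: the pattern itself admits dot segments.
                problems.append(f"{field}: dot segment in PathRef: {ref!r}")
    dates = {}
    for f in DATE_FIELDS:
        try:
            if rec.get(f) is not None:
                dates[f] = datetime.strptime(str(rec[f]), "%Y-%m-%d").date()
        except ValueError:
            problems.append(f"{f}: not a YYYY-MM-DD date: {rec[f]!r}")
    if "@" in str(rec.get("subject_pseudonym", "")):
        problems.append("subject_pseudonym: looks like a raw email address")
    if {"received_at", "deadline"} <= dates.keys() and isinstance(rec.get("extended"), bool):
        expected = add_months(dates["received_at"], 3 if rec["extended"] else 1)
        if dates["deadline"] != expected:
            problems.append(f"deadline: expected {expected.isoformat()}")
    return problems

# Constructed sample; kind/status/pii_class are placeholders (enum values not listed here).
SAMPLE = {"id": "privacy/requests/2024-001", "entity": "entities/acme-gmbh",
          "kind": "PLACEHOLDER", "status": "PLACEHOLDER", "pii_class": "PLACEHOLDER",
          "subject_pseudonym": "sha256:CONSTRUCTED", "extended": False,
          "received_at": "2024-01-31", "deadline": "2024-02-29", "retention_until": "2027-06-30"}
```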
Definitions
Shared types referenced within this schema.
IsoDate
ISO 8601 date (YYYY-MM-DD).
type: string
PathRef
Path-based cross-reference relative to .corpospec/ root.
Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
pattern: ^[a-z0-9_-]+(/[a-z0-9_.-]+)+$
PiiClass
Personal-data classification on every record carrying personal data, per
BDR 0070 / BDR 0069 / BDR 0078. Used by `corpospec-report` to gate
rendering and by the privacy pillar's RoPA records to determine
safeguards.
RequestOutcome
Outcome / decision narrative.
type: object
SubjectRequestKind
Request type per GDPR article.
SubjectRequestStatus
Lifecycle.
Reference in your YAML
```yaml
# yaml-language-server: $schema=https://corpospec.com/schemas/v0.16.0/gdpr-subject-request.schema.json
```