Skip to content

Data Subjects Reference

Data Subject are the group of labels commonly assigned to describe the type of system users to whom data may belong or is being processed. Examples might be customers, patients or simply abstract users.

A Data Subject is a label that describes a segment of individuals whose data you store. Data Subject labels are typically fairly broad -- "Citizen", "Visitor", "Passenger", and so on -- although you be as specific as your system needs: "Fans in Section K", for example.

Object Structure

fides_key     constrained string

A string token of your own invention that uniquely identifies this Data Subject. It's your responsibility to ensure that the value is unique across all of your Data Subject objects. The value can only contain alphanumeric characters, hyphens, periods and underscores ([A-Za-z0-9_.-]).

name     string

A UI-friendly label for the Data Subject.

description     string

A human-readable description of the Data Subject.

rights     enum

An array of rights available to the data subject, made of available values coupled with Chapter 3 of the GDPR. The output of a data map is based upon the strategy for applying rights (rights.strategy) and the selections made from the following valid options:

  • Informed
  • Access
  • Rectification
  • Erasure
  • Portability
  • Restrict Processing
  • Withdraw Consent
  • Object
  • Object to Automated Processing

strategy     enum

A strategy for selecting the rights available to the data subject.

  • ALL
  • EXCLUDE
  • INCLUDE
  • NONE

automated_decisions_or_profiling     boolean

A boolean value of whether or not automated decision-making or profiling exists. Tied to article 22 of the GDPR.

organization_fides_key     string     default: default_organization

The fides key of the organization to which this Data Subject belongs.

Extensibility and interoperability

Data Subjects in the taxonomy are designed to support common privacy regulations and standards out of the box, these include GDPR, CCPA, LGPD and ISO 19944.

You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interoperability inside and outside your organization.

If you have suggestions for core classes that should ship with the taxonomy, please submit your requests here

Data Subjects

At present, Data Subjects are a flat structure with no subcategories, although this is likely to change over time.

Currently, your collection of Data Subjects is given as a flat list: A Data Subject can't contain other Data Subjects.

Label Parent Key Description
anonymous_user - An individual that is unidentifiable to the systems. Note - This should only be applied to truly anonymous users where there is no risk of re-identification
citizen_voter - An individual registered to voter with a state or authority.
commuter - An individual that is traveling or transiting in the context of location tracking.
consultant - An individual employed in a consultative/temporary capacity by the organization.
customer - An individual or other organization that purchases goods or services from the organization.
employee - An individual employed by the organization.
job_applicant - An individual applying for employment to the organization.
next_of_kin - A relative of any other individual subject where such a relationship is known.
passenger - An individual traveling on some means of provided transport.
patient - An individual identified for the purposes of any medical care.
prospect - An individual or organization to whom an organization is selling goods or services.
shareholder - An individual or organization that holds equity in the organization.
supplier_vendor - An individual or organization that provides services or goods to the organization.
trainee - An individual undergoing training by the organization.
visitor - An individual visiting a location.
Back to top