Action guide
Prove every GDPR Article 15 access request was handled
POST
/v1/events · data.export.requestedEmit a `data.export.requested` event every time a user or an admin exports personal data. GDPR Article 15 gives users a right of access, emit the event the moment the export is queued.
When to emit
In the endpoint that queues the export job, whether the requester is the data subject or a staff member acting on their behalf.
Example payload
await recalled.events.create({
action: "data.export.requested",
actor: { id: user.id, email: user.email },
organization: user.organizationId,
metadata: {
format: "value",
scope: "value",
requesterType: "value"
},
});Metadata to include
Keep metadata flat and consistent across your service so it plays well with search and CSV exports.
| Key | Purpose |
|---|---|
format | csv, json, zip |
scope | single_user, organization, full_account |
requesterType | self, staff, legal |
Suggested retention
Keep at least 36 months for GDPR Article 15 compliance evidence.