---
name: gdpr-compliance
description: This skill provides comprehensive guidance for implementing and reviewing GDPR-compliant features in Empathy Ledger.
---
# GDPR Compliance Skill
This skill provides comprehensive guidance for implementing and reviewing GDPR-compliant features in Empathy Ledger.
## GDPR Rights Reference
### Article 15 - Right of Access
**Requirement**: Users can request a copy of their personal data
**Implementation**:
```typescript
// GET /api/user/export
const data = await gdprService.exportUserData(userId)
// Returns: stories, media, profile, consent records, activity logs
```
### Article 16 - Right to Rectification
**Requirement**: Users can correct inaccurate personal data
**Implementation**:
- Edit profile via profile settings
- Edit stories via story editor
- All changes logged in audit trail
### Article 17 - Right to Erasure (Right to be Forgotten)
**Requirement**: Users can request deletion of their data
**Implementation**:
```typescript
// POST /api/user/deletion-request
// Initiates 30-day deletion workflow
// POST /api/stories/[id]/anonymize
// Immediate anonymization of specific story
```
**Anonymization Process**:
1. Remove PII from story content
2. Replace author name with "Anonymous Storyteller"
3. Disassociate from profile (set storyteller_id = null)
4. Revoke all active distributions
5. Anonymize related media
6. Keep anonymized audit trail
### Article 20 - Right to Data Portability
**Requirement**: Users can export data in machine-readable format
**Implementation**:
- JSON export format
- Includes all user-generated content
- Downloadable via vault dashboard
## Consent Management
### Consent Capture
```typescript
interface ConsentRecord {
has_consent: boolean // Initial consent given
consent_verified: boolean // Consent verification completed
consent_method?: string // 'written' | 'verbal' | 'digital'
consent_date?: Date
consent_witness_id?: string // For verbal consent
}
```
### Consent Withdrawal
```typescript
// POST /api/stories/[id]/consent/withdraw
// Triggers:
// 1. Set consent_withdrawn_at timestamp
// 2. Revoke all embed tokens
// 3. Mark all distributions as revoked
// 4. Send webhook notifications
// 5. Queue external takedown requests
// 6. Create audit log entries
```
## Data Processing Lawful Bases
For Empathy Ledger, we rely on:
1. **Consent (Article 6(1)(a))** - Primary basis for story sharing
2. **Legitimate Interest (Article 6(1)(f))** - Platform operation, security
## Data Minimization
### Collect Only What's Needed
- Essential profile data: name, email, organization
- Story content: as provided by user
- Technical data: minimal logging for security
### Retention Limits
- Active data: retained while account active
- Deleted data: fully removed within 30 days
- Anonymized data: kept for aggregate statistics only
- Audit logs: anonymized after account deletion
## Implementation Checklist
### User Data Export
```
□ Export includes all user stories
□ Export includes media files
□ Export includes profile data
□ Export includes consent records
□ Export includes activity log
□ Format is JSON (machine-readable)
□ Download is secure (authenticated)
```
### Data Deletion
```
□ Deletion request creates ticket
□ User receives confirmation email
□ 30-day processing window
□ All stories anonymized or deleted
□ All media files removed
□ Profile data erased
□ Audit trail anonymized
□ Third-party distributions notified
```
### Consent Tracking
```
□ Consent captured before distribution
□ Consent method recorded
□ Consent can be withdrawn
□ Withdrawal cascades automatically
□ Audit trail for consent changes
□ Re-consent required for new purposes
```
## API Endpoints
### Data Rights
- `GET /api/user/export` - Export all user data
- `POST /api/user/deletion-request` - Request account deletion
- `GET /api/user/deletion-request` - Check deletion status
### Story-Level GDPR
- `POST /api/stories/[id]/anonymize` - Anonymize specific story
- `POST /api/stories/[id]/consent/withdraw` - Withdraw consent
### Audit Access
- `GET /api/stories/[id]/audit` - View story audit trail
- `POST /api/stories/[id]/audit/export` - Export audit report
## Database Schema
### deletion_requests
```sql
CREATE TABLE deletion_requests (
id UUID PRIMARY KEY,
user_id UUID NOT NULL,
tenant_id UUID NOT NULL,
request_type TEXT NOT NULL, -- 'anonymize_story', 'delete_account'
status TEXT DEFAULT 'pending', -- 'pending', 'processing', 'completed'
requested_at TIMESTAMPTZ,
processed_at TIMESTAMPTZ,
completed_at TIMESTAMPTZ
);
```
### Story Anonymization Fields
```sql
-- On stories table
anonymization_status TEXT, -- null, 'partial', 'full'
anonymized_fields JSONB, -- Track what was anonymized
consent_withdrawn_at TIMESTAMPTZ -- When consent was withdrawn
```
## Services
### GDPRService
```typescript
class GDPRService {
exportUserData(userId: string): Promise<DataExport>
anonymizeStory(storyId: string): Promise<AnonymizeResult>
anonymizeUserData(userId: string): Promise<AnonymizeResult>
createDeletionRequest(userId: string, type: string): Promise<Request>
processDeletionRequest(requestId: string): Promise<void>
scrubPII(content: string): string
}
```
## Code Review for GDPR
When reviewing code, verify:
1. **Data Collection**: Is this data necessary?
2. **Consent**: Is consent captured before processing?
3. **Access**: Can users access their data?
4. **Rectification**: Can users correct their data?
5. **Erasure**: Can users delete their data?
6. **Portability**: Can users export their data?
7. **Audit**: Are actions logged?
8. **Security**: Is data properly protected?
