
gdpr-compliance


SKILL.md preview

---
name: gdpr-compliance
description: GDPR compliance - data subject rights, lawful basis, DPIA, privacy by design, breach notification, consent management, cross-border transfers, PII masking
---

# GDPR Compliance

## Data Subject Rights

### Rights Overview

| Right | Article | SLA | Implementation |
|-------|---------|-----|----------------|
| Right of Access | Art. 15 | 30 days | Data export endpoint |
| Right to Rectification | Art. 16 | 30 days | Profile edit + audit trail |
| Right to Erasure | Art. 17 | 30 days | Cascading delete + anonymize |
| Right to Restriction | Art. 18 | 30 days | Processing flag on record |
| Right to Portability | Art. 20 | 30 days | Machine-readable export (JSON/CSV) |
| Right to Object | Art. 21 | 30 days | Opt-out mechanism |
| Automated Decision-Making | Art. 22 | 30 days | Human review override |

### Data Subject Request Handler

```typescript
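import { differenceInDays } from 'date-fns';

// DSRResponse and the helpers called below (alertDPO, generateDataExport, ...)
// are assumed to be defined elsewhere in the application.
interface DSRRequest {
  id: string;
  type: 'access' | 'rectification' | 'erasure' | 'restriction' | 'portability' | 'objection';
  subjectId: string;
  verifiedIdentity: boolean;
  receivedAt: Date;
  deadline: Date;  // receivedAt + 30 days
  status: 'received' | 'verified' | 'processing' | 'completed' | 'rejected';
  reason?: string;
  corrections?: Record<string, unknown>;  // fields to correct, for 'rectification' requests
}

async function handleDSR(request: DSRRequest): Promise<DSRResponse> {
  // Step 1: Identity verification is MANDATORY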
  if (!request.verifiedIdentity) {
    return { status: 'rejected', reason: 'Identity not verified' };
  }

  // Step 2: Check deadline
  const daysRemaining = differenceInDays(request.deadline, new Date());
  if (daysRemaining <= 5) {
    await alertDPO({ type: 'dsr_deadline_approaching', request });
  }

  // Step 3: Process by type
  switch (request.type) {
    case 'access':
      return await generateDataExport(request.subjectId);
    case 'erasure':
      return await executeErasure(request.subjectId);
    case 'portability':
      return await generatePortableExport(request.subjectId, 'json');
    case 'rectification':
      return await updateSubjectData(request.subjectId, request.corrections);
    case 'restriction':
      return await restrictProcessing(request.subjectId);
    case 'objection':
      return await recordObjection(request.subjectId, request.reason);
  }
}
```
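The handler above relies on a `verifiedIdentity` flag set on the request. As an added example (not part of the original skill), the block below enforces the same rule structurally: a request can only reach `processing` through `verified`, and the deadline is always derived from `receivedAt` using the 30-day SLA and 5-day alert window from this page. The names `openRequest`, `advance`, `deadlineState`, `TrackedRequest` and the `TRANSITIONS` table are assumptions introduced for illustration.

```typescript
// Added example, not from the original skill. All names are hypothetical.
type DsrStatus = 'received' | 'verified' | 'processing' | 'completed' | 'rejected';

const SLA_DAYS = 30;          // SLA column of the rights table
const ALERT_WINDOW_DAYS = 5;  // same threshold handleDSR uses to alert the DPO
const DAY_MS = 24 * 60 * 60 * 1000;

// Allowed status transitions; terminal states have no successors.
// 'processing' is reachable only from 'verified', so verification cannot be skipped.
const TRANSITIONS: Record<DsrStatus, DsrStatus[]> = {
  received: ['verified', 'rejected'],
  verified: ['processing', 'rejected'],
  processing: ['completed', 'rejected'],
  completed: [],
  rejected: [],
};

interface TrackedRequest {
  id: string;
  status: DsrStatus;
  receivedAt: Date;
  deadline: Date;
  history: { from: DsrStatus; to: DsrStatus; at: Date }[];
}

function openRequest(id: string, receivedAt: Date): TrackedRequest {
  // The deadline is derived from the receipt time, never supplied by the caller.
  const deadline = new Date(receivedAt.getTime() + SLA_DAYS * DAY_MS);
  return { id, status: 'received', receivedAt, deadline, history: [] };
}

function advance(req: TrackedRequest, to: DsrStatus, at: Date): TrackedRequest {
  if (TRANSITIONS[req.status].indexOf(to) === -1) {
    throw new Error(`illegal transition ${req.status} -> ${to} for ${req.id}`);
  }
  // Return a new object and append to the history so every change is auditable.
  return { ...req, status: to, history: [...req.history, { from: req.status, to, at }] };
}

function deadlineState(req: TrackedRequest, now: Date): 'closed' | 'ok' | 'alert' | 'overdue' {
  if (req.status === 'completed' || req.status === 'rejected') return 'closed';
  const daysRemaining = Math.floor((req.deadline.getTime() - now.getTime()) / DAY_MS);
  if (daysRemaining < 0) return 'overdue';
  return daysRemaining <= ALERT_WINDOW_DAYS ? 'alert' : 'ok';
}
```

Running `deadlineState` from a scheduled job over all open requests catches requests that are stuck in `received` or `verified`, which a check inside the handler alone would miss.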

### Right to Erasure Implementation

```typescript
async function executeErasure(subjectId: string): Promise<ErasureResult> {
  const erasureLog: ErasureStep[] = [];

  await db.transaction(async (tx) => {
    // 1. Anonymize user record (except where legal obligations require retention)
    await tx.users.update({
      where: { id: subjectId },
      data: {
        email: `erased-${hash(subjectId)}@deleted.local`,
        name: 'Erased User',
        phone: null,
        address: null,
        dateOfBirth: null,
        deletedAt: new Date(),
      },
    });
    erasureLog.push({ table: 'users', action: 'anonymized' });

    // 2. Delete personal messages
    const deletedMessages = await tx.messages.deleteMany({
      where: { userId: subjectId },
    });
    erasureLog.push({ table: 'messages', action: 'deleted', count: deletedMessages.count });

    // 3. Delete sessions and tokens
    await tx.sessions.deleteMany({ where: { userId: subjectId } });
    await tx.refreshTokens.deleteMany({ where: { userId: subjectId } });
    erasureLog.push({ table: 'sessions', action: 'deleted' });

    // 4. Anonymize audit logs (the log entry stays, the personal data is removed)
    await tx.auditLogs.updateMany({
      where: { actorId: subjectId },
      data: { actorId: 'erased', actorEmail: 'erased' },
    });
    erasureLog.push({ table: 'auditLogs', action: 'anonymized' });

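    // 5. Notify third-party processors
    // NOTE: this is an external call made inside the transaction; if the
    // transaction rolls back, a notice that was already sent is not undone.
    await notifyProcessors(subjectId, 'erasure');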

    // 6. Record erasure for compliance
    await tx.erasureRecords.create({
      data: {
        subjectHash: hash(subjectId),
        erasedAt: new Date(),
        systems: erasureLog,