WF-007: GDPR Data Request Workflow
Overview
This workflow handles GDPR data subject requests, supporting both data access (Article 15) and data erasure (Article 17 - "Right to be Forgotten"). It compiles user data for export or performs anonymization and resource cleanup.
Trigger: HTTP POST to /gdpr-request endpoint
Duration: ~5-30 seconds (depending on request type)
Related Workflows: WF-008 (Offboarding for full account deletion)
Step-by-Step Narrative
Step 1: GDPR Request Received
- Node: GDPR Request Webhook
- Type: HTTP POST Endpoint
- Path: /gdpr-request
- Actions:
  - Receives data request from user portal or support
  - Validates required fields: user_id, request_type
  - Authenticates request (user must be logged in or verified)
  - Validates request type: access or erasure
Step 2: Route by Request Type
- Node: Route by Request Type
- Type: Switch/Router
- Routes:
  - access → Data Export Path (Route A)
  - erasure → Data Deletion Path (Route B)
Route A: Data Access Request (GDPR Article 15)
Step A1: Create GDPR Request Record
- Node: Create GDPR Request Record
- Type: PostgreSQL Insert
- Table: public.gdpr_requests
- Actions:
  - Creates tracking record for the request
  - Sets status to processing
  - Records request type and timestamp
  - Generates reference number for user
Step A2-A4: Gather User Data (Parallel)
Node A2: Get User Data
- Type: PostgreSQL Select
- Table: public.users
- Actions:
  - Retrieves user profile data
  - Includes email, display name, preferences
  - Includes created_at, last_login_at
Node A3: Get Memberships
- Type: PostgreSQL Select
- Table: public.organization_members
- Actions:
  - Retrieves all organization memberships
  - Includes roles and join dates
Node A4: Get Activity Log
- Type: PostgreSQL Select
- Table: public.audit_log
- Actions:
  - Retrieves user's activity history
  - Includes actions, timestamps, resources
Step A5: Compile Export Package
- Node: Compile Export Package
- Type: Code (JavaScript)
- Actions:
  - Combines all user data into structured JSON
  - Formats for human readability
  - Includes metadata (export date, request reference)
  - Structures by category: profile, memberships, activity
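A sketch of what the Compile Export Package step could look like, added here as an example and not taken from the workflow's own Code node. It projects each row through a per-category allow-list so that columns the export should never carry (credential hashes, internal fields) stay out even when a SELECT returns them. The user_id column on membership and audit rows, the request_reference key and the password_hash and internal_note columns are assumptions made for the sample.

```javascript
// Added example, not the workflow's own node code.
// Allow-lists follow the fields named in Steps A2-A4; anything else a query
// returns (the constructed password_hash below, for instance) is dropped.
const EXPORT_FIELDS = {
  data_subject: ['id', 'email', 'display_name', 'preferences', 'created_at', 'last_login_at'],
  memberships: ['organization_id', 'role', 'joined_at'],
  activity_log: ['action', 'timestamp', 'resource'],
};

function pick(row, fields) {
  const out = {};
  for (const f of fields) {
    const v = row[f];
    // Normalise Date objects from the database driver to ISO 8601 strings.
    if (v !== undefined) out[f] = v instanceof Date ? v.toISOString() : v;
  }
  return out;
}

function compileExportPackage(user, memberships, activity, reference, now = new Date()) {
  if (!user || typeof user.id !== 'string') throw new Error('user row missing');
  // Defence in depth: rows that belong to another user never enter the package,
  // even if an upstream query was scoped incorrectly (user_id is an assumed column).
  const own = (rows) => (rows || []).filter((r) => r.user_id === user.id);
  return {
    export_date: now.toISOString(),
    request_reference: reference, // assumed key name for the reference number
    data_subject: pick(user, EXPORT_FIELDS.data_subject),
    memberships: own(memberships).map((r) => pick(r, EXPORT_FIELDS.memberships)),
    activity_log: own(activity).map((r) => pick(r, EXPORT_FIELDS.activity_log)),
  };
}

// Constructed sample rows, not real data.
const sampleUser = {
  id: 'user-uuid', email: 'user@example.com', display_name: 'John Doe', preferences: {},
  created_at: new Date('2023-06-01T00:00:00Z'), password_hash: 'constructed-not-real',
};
const sampleMemberships = [
  { user_id: 'user-uuid', organization_id: 'org-uuid', role: 'developer', joined_at: '2023-06-01T00:00:00Z' },
  { user_id: 'other-uuid', organization_id: 'org-2', role: 'admin', joined_at: '2023-07-01T00:00:00Z' },
];
const sampleActivity = [
  { user_id: 'user-uuid', action: 'workstation.started', timestamp: '2024-01-14T10:00:00Z',
    resource: 'workstation', internal_note: 'constructed' },
];
```

Serialising the result with JSON.stringify(pkg, null, 2) gives the indented, human-readable form the step calls for.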
Step A6: Upload to Cloud Storage
- Node: Upload to Cloud Storage
- Type: Google Cloud Storage
- Bucket: coditect-gdpr-exports
- Actions:
  - Uploads export file with unique name
  - Sets 30-day expiration on file
  - Generates signed download URL
  - Encrypts file at rest
Step A7: Send Export Email
- Node: Send Export Email
- Type: Email Send
- Actions:
  - Notifies user their data export is ready
  - Includes secure download link (30-day validity)
  - Notes that credentials are required to access the download
- Sent from: privacy@coditect.ai
Route B: Data Erasure Request (GDPR Article 17)
Step B1: Anonymize User Data
- Node: Anonymize User Data
- Type: PostgreSQL Update
- Table: public.users
- Actions:
  - Replaces email with deleted-{partial_id}@coditect.ai
  - Replaces display name with "Deleted User"
  - Clears preferences JSON to empty object
  - Preserves ID for audit trail integrity
Step B2: Trigger Workstation Deletion
- Node: Trigger Workstation Deletion
- Type: Google Cloud Pub/Sub
- Topic: workstation-events
- Actions:
  - Publishes workstation.delete event
  - Includes user ID and reason: gdpr_erasure
  - Triggers workstation resource cleanup
  - Deletes cloud storage associated with user
Step B3: Send Erasure Confirmation
- Node: Send Erasure Confirmation
- Type: Email Send
- Actions:
  - Confirms data has been erased
  - Lists what was deleted (profile, workstation, files)
  - Notes legal retention exceptions (billing for tax)
  - Thanks user for using CODITECT
- Sent from: privacy@coditect.ai
Step 3: Return Success Response
- Node: Success Response
- Type: Webhook Response
- Actions:
  - Returns HTTP 200 with confirmation
  - Includes request reference number
  - Confirms request type processed
Data Flow
Access Request:
Input:
{
  "user_id": "user-uuid",
  "request_type": "access"
}
Export Package:
{
  "export_date": "2024-01-15T10:00:00Z",
  "data_subject": {
    "id": "user-uuid",
    "email": "user@example.com",
    "display_name": "John Doe",
    "created_at": "2023-06-01T...",
    "last_login_at": "2024-01-14T..."
  },
  "memberships": [
    {
      "organization_id": "org-uuid",
      "role": "developer",
      "joined_at": "2023-06-01T..."
    }
  ],
  "activity_log": [
    {
      "action": "workstation.started",
      "timestamp": "2024-01-14T10:00:00Z",
      "resource": "workstation"
    }
  ]
}
Output:
{
  "success": true,
  "message": "GDPR request processed",
  "request_type": "access"
}
Erasure Request:
Input:
{
  "user_id": "user-uuid",
  "request_type": "erasure"
}
Output:
{
  "success": true,
  "message": "GDPR request processed",
  "request_type": "erasure"
}
Result:
- User email: deleted-a1b2c3d4@coditect.ai
- User name: Deleted User
- User preferences: {}
- Workstation: Deleted
- Cloud storage: Deleted
GDPR Compliance Details
Article 15: Right of Access
- User receives machine-readable export (JSON)
- Export available for 30 days
- Includes all personal data held
- Free of charge (first request)
Article 17: Right to Erasure
- Personal data anonymized or deleted
- Processing stops immediately
- Third parties notified (if applicable)
- Exceptions for legal obligations retained
Legal Retention Exceptions
The following data is retained for legal compliance:
- Billing records: 7 years (tax requirements)
- Audit logs: 1 year (security compliance)
- Invoice references: Linked to billing
Response Timeframes
| Request Type | GDPR Requirement | Our SLA |
|---|---|---|
| Access | 1 month | 48 hours |
| Erasure | 1 month | 72 hours |
| Complex cases | +2 months | Case by case |
Error Handling
| Error | Cause | Response |
|---|---|---|
| 400 Bad Request | Invalid request type | { "error": "Request type must be 'access' or 'erasure'" } |
| 401 Unauthorized | Not authenticated | { "error": "Authentication required" } |
| 404 Not Found | User not found | { "error": "User account not found" } |
| 429 Too Many Requests | Repeated requests | { "error": "Request already pending" } |
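The Step 1 checks and the error table above, combined into one gate function as an added example (not the workflow's own node code). The session object, the users set and the pending set are hypothetical stand-ins for the auth layer, public.users and in-progress rows of public.gdpr_requests; checking authentication first and the wording of the missing user_id message are choices of this example.

```javascript
// Added example, not the workflow's own node code. `session`, `users` and
// `pending` are hypothetical stand-ins for the auth layer, public.users and
// public.gdpr_requests rows still in "processing" status.
const REQUEST_TYPES = new Set(['access', 'erasure']);
const ROUTES = { access: 'A', erasure: 'B' };

const reject = (status, error) => ({ ok: false, status, body: { error } });

function checkGdprRequest(body, session, users, pending) {
  // Authenticate before anything else so an anonymous caller cannot use
  // 404 vs 429 answers to learn which user_ids exist.
  if (!session || session.authenticated !== true) {
    return reject(401, 'Authentication required');
  }
  const { user_id, request_type } = body || {};
  if (typeof user_id !== 'string' || user_id.trim() === '') {
    return reject(400, 'user_id is required'); // message text is an assumption
  }
  // Exact string match only: rejects "Access", ["access"], null and so on.
  if (typeof request_type !== 'string' || !REQUEST_TYPES.has(request_type)) {
    return reject(400, "Request type must be 'access' or 'erasure'");
  }
  if (!users.has(user_id)) {
    return reject(404, 'User account not found');
  }
  // One open request per user and type; repeats get 429 instead of a new row.
  if (pending.has(`${user_id}:${request_type}`)) {
    return reject(429, 'Request already pending');
  }
  return { ok: true, route: ROUTES[request_type], user_id, request_type };
}

// Constructed sample state.
const sampleUsers = new Set(['user-uuid']);
const samplePending = new Set(['user-uuid:erasure']);
const loggedIn = { authenticated: true };
```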
Security Considerations
- User must be authenticated to make request
- Identity verified for erasure requests (email confirmation)
- Export files encrypted at rest in GCS
- Download links signed with expiration
- All requests logged in audit trail
- Data Processing Officer notified of erasure requests
Related Documents
- ADR-009: Multi-Tenant SaaS Architecture
- ADR-012: Data Isolation Strategy
- CODITECT Workflow Diagrams
- n8n Workflow JSON