GDPR Compliance
| Field | Value |
|---|---|
| Document ID | ASCEND-DATA-002 |
| Version | 1.0.0 |
| Last Updated | December 19, 2025 |
| Author | Ascend Engineering Team |
| Publisher | OW-KAI Technologies Inc. |
| Classification | Enterprise Client Documentation |
| Compliance | SOC 2 CC6.1/CC6.2, PCI-DSS 7.1/8.3, HIPAA 164.312, NIST 800-53 AC-2/SI-4 |
Reading Time: 8 minutes | Skill Level: Intermediate
Overview
ASCEND provides comprehensive GDPR compliance features including data subject rights management, consent tracking, data lineage, and automated request processing.
Supported Rights
Article 15 - Right of Access
Data subjects can request access to their personal data.
curl -X POST "https://pilot.owkai.app/api/data-rights/access/request" \
-H "Authorization: Bearer <admin_jwt>" \
-H "Content-Type: application/json" \
-d '{
"data_subject_id": "user_12345",
"data_subject_email": "user@example.com",
"request_type": "access",
"legal_basis": "gdpr_article_15",
"verification_method": "email",
"include_categories": ["profile", "activity", "preferences"]
}'
Response:
{
"request_id": "dsr_abc123",
"status": "pending_verification",
"estimated_completion": "2025-12-22T10:00:00Z",
"verification_sent_to": "user@example.com"
}
Article 17 - Right to Erasure
Data subjects can request deletion of their personal data.
curl -X POST "https://pilot.owkai.app/api/data-rights/erasure/request" \
-H "Authorization: Bearer <admin_jwt>" \
-H "Content-Type: application/json" \
-d '{
"data_subject_id": "user_12345",
"data_subject_email": "user@example.com",
"request_type": "erasure",
"legal_basis": "gdpr_article_17",
"erasure_scope": "full",
"retention_exceptions": ["legal_hold", "regulatory"]
}'
Erasure Scope Options:
- full - Delete all personal data
- partial - Delete specific categories
- anonymize - Replace with anonymized data
Article 20 - Right to Portability
Data subjects can request their data in a portable format.
curl -X POST "https://pilot.owkai.app/api/data-rights/portability/request" \
-H "Authorization: Bearer <admin_jwt>" \
-H "Content-Type: application/json" \
-d '{
"data_subject_id": "user_12345",
"request_type": "portability",
"legal_basis": "gdpr_article_20",
"format": "json",
"include_categories": ["profile", "activity", "preferences"]
}'
Supported Formats:
- json - JSON format
- csv - CSV format
- xml - XML format
Consent Management
Record Consent
curl -X POST "https://pilot.owkai.app/api/data-rights/consent/record" \
-H "Authorization: Bearer <admin_jwt>" \
-H "Content-Type: application/json" \
-d '{
"data_subject_id": "user_12345",
"purpose": "marketing_communications",
"legal_basis": "consent",
"consent_given": true,
"consent_method": "explicit_checkbox",
"consent_text": "I agree to receive marketing emails",
"expiry_date": "2026-12-15T00:00:00Z"
}'
Check Consent Status
curl "https://pilot.owkai.app/api/data-rights/consent/user_12345/status" \
-H "Authorization: Bearer <jwt_token>"
Response:
{
"data_subject_id": "user_12345",
"consents": [
{
"purpose": "marketing_communications",
"status": "active",
"given_at": "2025-06-15T10:00:00Z",
"expires_at": "2026-12-15T00:00:00Z"
},
{
"purpose": "analytics",
"status": "active",
"given_at": "2025-06-15T10:00:00Z",
"expires_at": null
}
]
}
Withdraw Consent
curl -X POST "https://pilot.owkai.app/api/data-rights/consent/withdraw" \
-H "Authorization: Bearer <admin_jwt>" \
-H "Content-Type: application/json" \
-d '{
"data_subject_id": "user_12345",
"purpose": "marketing_communications",
"withdrawal_reason": "No longer interested"
}'
Data Lineage
Track how personal data flows through your systems.
Record Data Flow
curl -X POST "https://pilot.owkai.app/api/data-rights/lineage/record" \
-H "Authorization: Bearer <admin_jwt>" \
-H "Content-Type: application/json" \
-d '{
"data_subject_id": "user_12345",
"source_system": "crm",
"destination_system": "analytics",
"data_categories": ["email", "purchase_history"],
"processing_purpose": "customer_analytics",
"legal_basis": "legitimate_interest",
"retention_period_days": 365
}'
Query Data Lineage
curl "https://pilot.owkai.app/api/data-rights/lineage/user_12345" \
-H "Authorization: Bearer <jwt_token>"
Response:
{
"data_subject_id": "user_12345",
"lineage_records": [
{
"source": "web_form",
"destination": "crm",
"categories": ["name", "email"],
"purpose": "customer_registration",
"recorded_at": "2025-01-15T10:00:00Z"
},
{
"source": "crm",
"destination": "analytics",
"categories": ["email", "purchase_history"],
"purpose": "customer_analytics",
"recorded_at": "2025-06-15T10:00:00Z"
}
]
}
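Lineage records are what let a partial erasure be scoped to the systems that actually received each category. The following is an added example, not ASCEND code: `erasure_plan` is a hypothetical helper, the two records are copied from the sample response above, and `phone` is a constructed category used to show a coverage gap.

```python
def erasure_plan(lineage_records, categories):
    """Return (plan, untracked) for a partial erasure of `categories`.

    plan maps each system to the requested categories that lineage shows it
    sent or received, plus the timestamp of the latest such flow.
    untracked lists requested categories with no lineage record at all, which
    means their location cannot be shown from lineage alone.
    """
    wanted = set(categories)
    plan = {}
    # Same-format ISO-8601 UTC timestamps sort correctly as strings.
    for rec in sorted(lineage_records, key=lambda r: r["recorded_at"]):
        hit = wanted & set(rec.get("categories", []))
        if not hit:
            continue
        # Both ends of a flow hold the data: the source sent it, the
        # destination received it.
        for system in (rec["source"], rec["destination"]):
            entry = plan.setdefault(system, {"categories": set(), "last_flow": None})
            entry["categories"] |= hit
            entry["last_flow"] = rec["recorded_at"]
    located = set()
    for entry in plan.values():
        located |= entry["categories"]
        entry["categories"] = sorted(entry["categories"])
    return plan, sorted(wanted - located)


# Records copied from the sample lineage response on this page.
SAMPLE_LINEAGE = [
    {"source": "web_form", "destination": "crm",
     "categories": ["name", "email"], "purpose": "customer_registration",
     "recorded_at": "2025-01-15T10:00:00Z"},
    {"source": "crm", "destination": "analytics",
     "categories": ["email", "purchase_history"], "purpose": "customer_analytics",
     "recorded_at": "2025-06-15T10:00:00Z"},
]

if __name__ == "__main__":
    plan, untracked = erasure_plan(SAMPLE_LINEAGE, ["email", "name", "phone"])
    for system, entry in sorted(plan.items()):
        print(system, entry)
    print("no lineage for:", untracked)
```

A non-empty `untracked` list is the case to investigate before an erasure request is closed, since no recorded flow accounts for that category.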
Request Processing Workflow
┌──────────────────┐
│ Request Received │
└────────┬─────────┘
         │
         ▼
┌──────────────────┐
│ Verify           │◄─── Identity verification
│ Identity         │     (email, ID document)
└────────┬─────────┘
         │
         ▼
┌──────────────────┐
│ Validate         │◄─── Check legal basis
│ Request          │     Check exceptions
└────────┬─────────┘
         │
    ┌────┴──────┐
    │           │
    ▼           ▼
┌────────┐ ┌─────────┐
│Approved│ │Rejected │
└───┬────┘ └────┬────┘
    │           │
    ▼           ▼
┌────────┐ ┌─────────┐
│Process │ │ Notify  │
│Request │ │Rejection│
└───┬────┘ └─────────┘
    │
    ▼
┌──────────────────┐
│ Generate         │
│ Evidence Pack    │
└────────┬─────────┘
         │
         ▼
┌──────────────────┐
│ Notify Subject   │
└──────────────────┘
Request Status Tracking
Get Request Status
curl "https://pilot.owkai.app/api/data-rights/requests/dsr_abc123" \
-H "Authorization: Bearer <jwt_token>"
Response:
{
"request_id": "dsr_abc123",
"request_type": "access",
"status": "processing",
"data_subject_id": "user_12345",
"created_at": "2025-12-15T10:00:00Z",
"status_history": [
{"status": "received", "timestamp": "2025-12-15T10:00:00Z"},
{"status": "verified", "timestamp": "2025-12-15T10:30:00Z"},
{"status": "processing", "timestamp": "2025-12-15T11:00:00Z"}
],
"estimated_completion": "2025-12-22T10:00:00Z",
"sla_deadline": "2026-01-14T10:00:00Z"
}
List All Requests
curl "https://pilot.owkai.app/api/data-rights/requests?status=pending&type=erasure" \
-H "Authorization: Bearer <admin_jwt>"
Retention Policies
Configure Retention
curl -X POST "https://pilot.owkai.app/api/data-rights/retention/policies" \
-H "Authorization: Bearer <admin_jwt>" \
-H "Content-Type: application/json" \
-d '{
"name": "Customer Data Retention",
"data_categories": ["profile", "activity"],
"retention_period_days": 1095,
"legal_basis": "contract_fulfillment",
"auto_delete": true,
"exceptions": ["legal_hold", "active_dispute"]
}'
GDPR Compliance Reports
Generate Compliance Report
curl -X POST "https://pilot.owkai.app/api/compliance-export/exports" \
-H "Authorization: Bearer <admin_jwt>" \
-H "Content-Type: application/json" \
-d '{
"framework": "gdpr",
"report_type": "compliance_summary",
"period_start": "2025-01-01",
"period_end": "2025-12-31",
"include_sections": [
"dsr_statistics",
"consent_management",
"data_breaches",
"processing_activities"
]
}'
Report Contents:
- DSR request statistics
- Average response times
- Consent records summary
- Data breach incidents
- Processing activity register
Data Breach Notification
Report Data Breach
curl -X POST "https://pilot.owkai.app/api/data-rights/breaches/report" \
-H "Authorization: Bearer <admin_jwt>" \
-H "Content-Type: application/json" \
-d '{
"breach_type": "unauthorized_access",
"discovered_at": "2025-12-15T10:00:00Z",
"affected_subjects_count": 150,
"data_categories_affected": ["email", "name"],
"risk_level": "medium",
"containment_status": "contained",
"notify_supervisory_authority": true,
"notify_affected_subjects": true
}'
Automated Processing
Configure Automation
curl -X POST "https://pilot.owkai.app/api/data-rights/automation/rules" \
-H "Authorization: Bearer <admin_jwt>" \
-H "Content-Type: application/json" \
-d '{
"request_type": "access",
"auto_approve": true,
"conditions": {
"verification_passed": true,
"no_legal_hold": true
},
"max_auto_approve_per_day": 100
}'
Best Practices
1. Identity Verification
Always verify data subject identity before processing:
{
"verification_methods": [
"email_verification",
"knowledge_based_auth",
"id_document"
],
"verification_required": true
}
2. Response Timelines
| Request Type | GDPR Deadline | Recommended |
|---|---|---|
| Access | 30 days | 7 days |
| Erasure | 30 days | 14 days |
| Portability | 30 days | 7 days |
| Rectification | 30 days | 3 days |
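The two practices above can be checked mechanically against records in the shape returned by the request status endpoint. This is an added example, not ASCEND code: it flags processing recorded before verification, an `sla_deadline` outside 30 days of `created_at`, and open requests past the table's timelines. The terminal status names `completed` and `rejected` are assumptions, and both sample records are constructed.

```python
from datetime import datetime, timedelta

GDPR_DEADLINE = timedelta(days=30)      # "GDPR Deadline" column of the table
RECOMMENDED = {"access": 7, "erasure": 14, "portability": 7, "rectification": 3}
TERMINAL = {"completed", "rejected"}    # assumed status names, not from the page

def parse_ts(value):
    """Parse the API's ISO-8601 'Z' timestamps into timezone-aware datetimes."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_dsr(record, now):
    """Return a list of findings for one request-status record."""
    findings = []
    created = parse_ts(record["created_at"])
    history = record.get("status_history", [])
    statuses = [h["status"] for h in history]
    # Identity must be verified before any processing step is recorded.
    if "processing" in statuses and "verified" not in statuses[:statuses.index("processing")]:
        findings.append("processing_without_verification")
    # History timestamps must never go backwards.
    times = [parse_ts(h["timestamp"]) for h in history]
    if times != sorted(times):
        findings.append("history_out_of_order")
    # The stored deadline must fall inside the window that starts at creation.
    if not created < parse_ts(record["sla_deadline"]) <= created + GDPR_DEADLINE:
        findings.append("sla_deadline_outside_window")
    # Open requests are measured against both columns of the table.
    if record["status"] not in TERMINAL:
        age = now - created
        if age > GDPR_DEADLINE:
            findings.append("overdue_gdpr_deadline")
        elif age > timedelta(days=RECOMMENDED.get(record["request_type"], 30)):
            findings.append("past_recommended_target")
    return findings

# Constructed sample records (not real data).
OK_RECORD = {
    "request_id": "dsr_example_ok", "request_type": "access", "status": "processing",
    "created_at": "2025-12-15T10:00:00Z", "sla_deadline": "2026-01-14T10:00:00Z",
    "status_history": [
        {"status": "received", "timestamp": "2025-12-15T10:00:00Z"},
        {"status": "verified", "timestamp": "2025-12-15T10:30:00Z"},
        {"status": "processing", "timestamp": "2025-12-15T11:00:00Z"}]}
BAD_RECORD = {
    "request_id": "dsr_example_bad", "request_type": "erasure", "status": "processing",
    "created_at": "2025-12-15T10:00:00Z", "sla_deadline": "2025-01-14T10:00:00Z",
    "status_history": [
        {"status": "received", "timestamp": "2025-12-15T10:00:00Z"},
        {"status": "processing", "timestamp": "2025-12-15T10:05:00Z"}]}
```

Calling `audit_dsr(BAD_RECORD, parse_ts("2025-12-25T10:00:00Z"))` reports both the missing verification step and the deadline that precedes the request's creation.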
3. Documentation
Maintain records of:
- All DSR requests and responses
- Consent given and withdrawn
- Data processing activities
- Breach notifications